Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-38301 (GCVE-0-2025-38301)
Vulnerability from cvelistv5 – Published: 2025-07-10 07:42 – Updated: 2025-07-28 04:18
VLAI?
EPSS
Title
nvmem: zynqmp_nvmem: unbreak driver after cleanup
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmem: zynqmp_nvmem: unbreak driver after cleanup
Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup")
changed the driver to expect the device pointer to be passed as the
"context", but in nvmem the context parameter comes from nvmem_config.priv
which is never set - Leading to null pointer exceptions when the device is
accessed.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
29be47fcd6a06ea2e79eeeca6e69ad1e23254a69 , < c8bb1bcea877446f86922a8fd1661b8c07d90e5c
(git)
Affected: 29be47fcd6a06ea2e79eeeca6e69ad1e23254a69 , < 3728101f56ef54425a11027a3ddc2c3941d60b71 (git) Affected: 29be47fcd6a06ea2e79eeeca6e69ad1e23254a69 , < fe8abdd175d7b547ae1a612757e7902bcd62e9cf (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvmem/zynqmp_nvmem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c8bb1bcea877446f86922a8fd1661b8c07d90e5c",
"status": "affected",
"version": "29be47fcd6a06ea2e79eeeca6e69ad1e23254a69",
"versionType": "git"
},
{
"lessThan": "3728101f56ef54425a11027a3ddc2c3941d60b71",
"status": "affected",
"version": "29be47fcd6a06ea2e79eeeca6e69ad1e23254a69",
"versionType": "git"
},
{
"lessThan": "fe8abdd175d7b547ae1a612757e7902bcd62e9cf",
"status": "affected",
"version": "29be47fcd6a06ea2e79eeeca6e69ad1e23254a69",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvmem/zynqmp_nvmem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.34",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.3",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16",
"versionStartIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: zynqmp_nvmem: unbreak driver after cleanup\n\nCommit 29be47fcd6a0 (\"nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup\")\nchanged the driver to expect the device pointer to be passed as the\n\"context\", but in nvmem the context parameter comes from nvmem_config.priv\nwhich is never set - Leading to null pointer exceptions when the device is\naccessed."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T04:18:00.922Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c8bb1bcea877446f86922a8fd1661b8c07d90e5c"
},
{
"url": "https://git.kernel.org/stable/c/3728101f56ef54425a11027a3ddc2c3941d60b71"
},
{
"url": "https://git.kernel.org/stable/c/fe8abdd175d7b547ae1a612757e7902bcd62e9cf"
}
],
"title": "nvmem: zynqmp_nvmem: unbreak driver after cleanup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38301",
"datePublished": "2025-07-10T07:42:13.455Z",
"dateReserved": "2025-04-16T04:51:24.002Z",
"dateUpdated": "2025-07-28T04:18:00.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38301\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-10T08:15:28.860\",\"lastModified\":\"2025-11-19T20:13:48.250\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnvmem: zynqmp_nvmem: unbreak driver after cleanup\\n\\nCommit 29be47fcd6a0 (\\\"nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup\\\")\\nchanged the driver to expect the device pointer to be passed as the\\n\\\"context\\\", but in nvmem the context parameter comes from nvmem_config.priv\\nwhich is never set - Leading to null pointer exceptions when the device is\\naccessed.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmem: zynqmp_nvmem: unbreak driver after cleanup El commit 29be47fcd6a0 (\\\"nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup\\\") cambi\u00f3 el controlador para esperar que el puntero del dispositivo se pase como \\\"contexto\\\", pero en nvmem el par\u00e1metro de contexto proviene de nvmem_config.priv que nunca se establece, lo que genera excepciones de puntero nulo cuando se accede al dispositivo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.12.34\",\"matchCriteriaId\":\"A373E395-B1B2-445B-8784-2A89BF879AD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.15.3\",\"matchCriteriaId\":\"0541C761-BD5E-4C1A-8432-83B375D7EB92\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3728101f56ef54425a11027a3ddc2c3941d60b71\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c8bb1bcea877446f86922a8fd1661b8c07d90e5c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fe8abdd175d7b547ae1a612757e7902bcd62e9cf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
SUSE-SU-2025:21074-1
Vulnerability from csaf_suse - Published: 2025-11-25 07:34 - Updated: 2025-11-25 07:34Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953).
- CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108).
- CVE-2024-57952: Revert "libfs: fix infinite directory reads for offset dir" (bsc#1237131).
- CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324).
- CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435).
- CVE-2025-22077: Revert "smb: client: fix TCP timers deadlock after rmmod" (bsc#1241403).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37821: sched/eevdf: Fix se->slice being set to U64_MAX and resulting (bsc#1242864).
- CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).
- CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659).
- CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).
- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700).
- CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).
- CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).
- CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).
- CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).
- CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).
- CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).
- CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).
- CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).
- CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).
- CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).
- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).
- CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write (bsc#1246185).
- CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248).
- CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245).
- CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351).
- CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366).
- CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376).
- CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444).
- CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).
- CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262).
- CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126).
- CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137).
- CVE-2025-38419: remoteproc: core: Cleanup acquired resources when
rproc_handle_resources() fails in rproc_attach() (bsc#1247136).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).
- CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290).
- CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).
- CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).
- CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).
- CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102).
- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).
- CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).
- CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).
- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).
- CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).
- CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).
- CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190).
- CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202).
- CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).
- CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192).
- CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199).
- CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200).
- CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211).
- CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225).
- CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235).
- CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248299).
- CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374).
- CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365).
- CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343).
- CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368).
- CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357).
- CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392).
- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619).
- CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610).
- CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616).
- CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674).
- CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622).
- CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156).
- CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258).
- CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199).
- CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201).
- CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300).
- CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303).
- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314).
- CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494).
- CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533).
- CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524).
- CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510).
- CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508).
- CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504).
- CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500).
- CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526).
- CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550).
- CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032).
- CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179).
- CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205).
- CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974).
- CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365).
- CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267).
- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).
- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258).
- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297).
- CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251).
- CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294).
- CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398).
- CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722).
- CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483).
- CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387).
The following non-security bugs were fixed:
- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).
- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).
- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).
- ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes).
- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).
- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes).
- ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes).
- ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes).
- ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes).
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: debug: fix signedness issues in read/write helpers (git-fixes).
- ACPI: pfr_update: Fix the driver update version check (git-fixes).
- ACPI: processor: Rescan "dead" SMT siblings during initialization (jsc#PED-13815).
- ACPI: processor: fix acpi_object initialization (stable-fixes).
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes).
- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).
- ACPI: processor: perflib: Move problematic pr->performance check (git-fixes).
- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).
- ACPICA: Fix largest possible resource descriptor index (git-fixes).
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes).
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).
- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes).
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes).
- ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).
- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).
- ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).
- ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes).
- ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes).
- ALSA: hda: Disable jack polling at shutdown (stable-fixes).
- ALSA: hda: Handle the jack polling always via a work (stable-fixes).
- ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes).
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).
- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- ALSA: lx_core: use int type to store negative error codes (git-fixes).
- ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes).
- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
- ALSA: timer: fix ida_free call while not allocated (git-fixes).
- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes).
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes).
- ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes).
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).
- ALSA: usb-audio: Convert comma to semicolon (git-fixes).
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes).
- ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).
- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes).
- ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes).
- ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes).
- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).
- ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes).
- ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes).
- ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes).
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes).
- ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).
- ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).
- ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).
- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).
- ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes).
- ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes).
- ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes).
- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).
- ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes).
- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).
- ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes).
- ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes).
- ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes).
- ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes).
- ASoC: qcom: use drvdata instead of component to keep id (stable-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).
- ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes).
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes).
- ASoC: wm8940: Correct PLL rate rounding (git-fixes).
- ASoC: wm8940: Correct typo in control name (git-fixes).
- ASoC: wm8974: Correct PLL rate rounding (git-fixes).
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes).
- Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes).
- Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes).
- Bluetooth: ISO: free rx_skb if not consumed (git-fixes).
- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes).
- Bluetooth: MGMT: Fix possible UAFs (git-fixes).
- Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).
- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes).
- Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).
- Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes).
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes).
- Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).
- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).
- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).
- Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).
- Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes).
- Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes).
- Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes).
- Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes).
- Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes).
- Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).
- Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes).
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- Disable CET before shutdown by tboot (bsc#1247950).
- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- Documentation/x86: Document new attack vector controls (git-fixes).
- Documentation: ACPI: Fix parent device references (git-fixes).
- Documentation: KVM: Fix unexpected unindent warning (git-fixes).
- Documentation: KVM: Fix unexpected unindent warnings (git-fixes).
- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- Drop ath12k patch that was reverted in the upstream (git-fixes)
- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).
- Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone
using CMA or investigating CMA issues, with a small and simple code base
and no runtime overhead.
- Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325)
- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256).
- Fix bogus i915 patch backport (bsc#1238972) It's been already cherry-picked in 6.12 kernel itself.
- Fix dma_unmap_sg() nents value (git-fixes)
- HID: amd_sfh: Add sync across amd sfh work functions (git-fixes).
- HID: apple: avoid setting up battery timer for devices without battery (git-fixes).
- HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes).
- HID: asus: add support for missing PX series fn keys (stable-fixes).
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).
- HID: core: do not bypass hid_hw_raw_request (stable-fixes).
- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes).
- HID: hidraw: tighten ioctl command parsing (git-fixes).
- HID: input: rename hidinput_set_battery_charge_status() (stable-fixes).
- HID: input: report battery status changes immediately (git-fixes).
- HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes).
- HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes).
- HID: magicmouse: avoid setting up battery timer when not needed (git-fixes).
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).
- HID: quirks: add support for Legion Go dual dinput modes (stable-fixes).
- HID: wacom: Add a new Art Pen 2 (stable-fixes).
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes)
- IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes)
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes).
- Input: iqs7222 - avoid enabling unused interrupts (stable-fixes).
- Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).
- KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).
- KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes).
- KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes).
- KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes).
- KVM: Conditionally reschedule when resetting the dirty ring (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes).
- KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes).
- KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302).
- KVM: TDX: Do not report base TDVMCALLs (git-fixes).
- KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302).
- KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302).
- KVM: TDX: Handle TDG.VP.VMCALL<GetQuote> (jsc#PED-13302).
- KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302).
- KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host's DEBUGCTL (git-fixes).
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302).
- KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes).
- KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes).
- KVM: arm64: Fix error path in init_hyp_mode() (git-fixes).
- KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes).
- KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes).
- KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124).
- KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123).
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).
- KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes).
- KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes).
- KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes).
- KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes).
- KVM: x86: avoid underflow when scaling TSC frequency (git-fixes).
- Limit patch filenames to 100 characters (bsc#1249604).
- Move upstreamed SPI patch into sorted section
- NFS: Fix a race when updating an existing write (git-fixes).
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes).
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes).
- NFSv4.2: another fix for listxattr (git-fixes).
- NFSv4/flexfiles: Fix layout merge mirror check (git-fixes).
- NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes).
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes).
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes).
- NFSv4: Do not clear capabilities that won't be reset (git-fixes).
- Octeontx2-af: Skip overlap check for SPI field (git-fixes).
- PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes).
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes).
- PCI/ERR: Fix uevent on failure to recover (git-fixes).
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes).
- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).
- PCI/pwrctrl: Fix device leak at registration (git-fixes).
- PCI/sysfs: Ensure devices are powered for config reads (git-fixes).
- PCI: Extend isolated function probing to LoongArch (git-fixes).
- PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes).
- PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).
- PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes).
- PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).
- PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes).
- PCI: endpoint: Fix configfs group list head handling (git-fixes).
- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).
- PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes).
- PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes).
- PCI: imx6: Delay link start until configfs 'start' written (git-fixes).
- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings (git-fixes).
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (git-fixes).
- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).
- PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).
- PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).
- PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes).
- PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes).
- PCI: rcar-gen4: Fix PHY initialization (git-fixes).
- PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).
- PCI: rcar-host: Drop PMSR spinlock (git-fixes).
- PCI: rockchip-host: Fix "Unexpected Completion" log message (git-fixes).
- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).
- PCI: rockchip: Use standard PCIe definitions (git-fixes).
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: tegra194: Handle errors in BPMP response (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes).
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes).
- PCI: xilinx-nwl: Fix ECAM programming (git-fixes).
- PM / devfreq: Check governor before using governor->name (git-fixes).
- PM / devfreq: Fix a index typo in trans_stat (git-fixes).
- PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).
- PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes).
- PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes).
- PM: EM: use kfree_rcu() to simplify the code (stable-fixes).
- PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes).
- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).
- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).
- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).
- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).
- PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes).
- PM: sleep: console: Fix the black screen issue (stable-fixes).
- PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes).
- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).
- RAS/AMD/FMPM: Get masked address (bsc#1242034).
- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)
- RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes)
- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)
- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)
- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes)
- RDMA/core: Rate limit GID cache warning messages (git-fixes)
- RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes)
- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)
- RDMA/hns: Drop GFP_NOWARN (git-fixes)
- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)
- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)
- RDMA/hns: Fix accessing uninitialized resources (git-fixes)
- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)
- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)
- RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes)
- RDMA/hns: Get message length of ack_req from FW (git-fixes)
- RDMA/mana_ib: Add device statistics support (bsc#1246651).
- RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135).
- RDMA/mana_ib: Extend modify QP (bsc#1251135).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: add additional port counters (git-fixes).
- RDMA/mana_ib: add support of multiple ports (git-fixes).
- RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes)
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes)
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- RDMA/rxe: Fix race in do_task() when draining (git-fixes)
- RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes)
- RDMA/siw: Always report immediate post SQ errors (git-fixes)
- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)
- README.BRANCH: mfranc@suse.cz leaving SUSE
- RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348).
- Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (git-fixes).
- Reapply "x86/smp: Eliminate mwait_play_dead_cpuid_hint()" (jsc#PED-13815).
- Revert "SUNRPC: Do not allow waiting for exiting tasks" (git-fixes).
- Revert "drm/amdgpu: fix incorrect vm flags to map bo" (stable-fixes).
- Revert "drm/nouveau: check ioctl command codes better" (git-fixes).
- Revert "gpio: mlxbf3: only get IRQ for device instance 0" (git-fixes).
- Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" (git-fixes).
- Revert "mac80211: Dynamically set CoDel parameters per station" (stable-fixes).
- Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" (git-fixes).
- Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (stable-fixes).
- Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" (git-fixes).
- SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes).
- Squashfs: add additional inode sanity checking (git-fixes).
- Squashfs: fix uninit-value in squashfs_get_parent (git-fixes).
- Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes).
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes).
- USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes).
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- USB: serial: option: add Foxconn T99W640 (stable-fixes).
- USB: serial: option: add Foxconn T99W709 (stable-fixes).
- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes).
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- Update config files: revive pwc driver for Leap (bsc#1249060)
- accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes).
- accel/ivpu: Correct DCT interrupt handling (git-fixes).
- accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes).
- accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes).
- accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes).
- amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes).
- aoe: defer rexmit timer downdev work to workqueue (git-fixes).
- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes)
- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes)
- arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes)
- arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes)
- arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes)
- arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes)
- arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes)
- arm64: Handle KCOV __init vs inline mismatches (git-fixes)
- arm64: Mark kernel as tainted on SAE and SError panic (git-fixes)
- arm64: Restrict pagetable teardown to avoid false warning (git-fixes)
- arm64: config: Make tpm_tis_spi module build-in (bsc#1246896)
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)
- arm64: dts: add big-endian property back into watchdog node (git-fixes)
- arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes)
- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes)
- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes)
- arm64: dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes (git-fixes)
- arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes)
- arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes)
- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)
- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)
- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes)
- arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp: Correct thermal sensor index (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes)
- arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes)
- arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes)
- arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes)
- arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes)
- arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes)
- arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes)
- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes).
- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes)
- arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes)
- arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes)
- arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes)
- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes)
- arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes)
- arm64: dts: st: fix timer used for ticks (git-fixes)
- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes)
- arm64: map [_text, _stext) virtual address range (git-fixes)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- arm64: poe: Handle spurious Overlay faults (git-fixes)
- arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes)
- arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes)
- arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes)
- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes)
- arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes)
- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes)
- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes)
- ata: ahci: Disable DIPM if host lacks support (stable-fixes).
- ata: ahci: Disallow LPM policy control if not supported (stable-fixes).
- ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes).
- ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes).
- ata: libata-scsi: Fix CDL control (git-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes).
- batman-adv: fix OOB read/write in network-coding decode (git-fixes).
- benet: fix BUG when creating VFs (git-fixes).
- block: Introduce bio_needs_zone_write_plugging() (git-fixes).
- block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552).
- block: ensure discard_granularity is zero when discard is not supported (git-fixes).
- block: fix kobject leak in blk_unregister_queue (git-fixes).
- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).
- block: sanitize chunk_sectors for atomic write limits (git-fixes).
- bnxt_en: Add a helper function to configure MRU and RSS (git-fixes).
- bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes).
- bnxt_en: Fix DCB ETS validation (git-fixes).
- bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes).
- bnxt_en: Fix stats context reservation logic (git-fixes).
- bnxt_en: Flush FW trace before copying to the coredump (git-fixes).
- bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes).
- bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes).
- bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes)
- bpf, arm64: Fix fp initialization for exception boundary (git-fixes)
- bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes).
- bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes).
- bpf: Adjust free target to avoid global starvation of LRU map (git-fixes).
- bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes).
- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).
- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).
- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).
- bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes).
- bpf: Forget ranges when refining tnum after JSET (git-fixes).
- bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes).
- bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes).
- bpf: Reject %p% format string in bprintf-like helpers (git-fixes).
- bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes).
- bpf: Reject narrower access to pointer ctx fields (git-fixes).
- bpf: Return prog btf_id without capable check (git-fixes).
- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).
- bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes).
- bpf: fix possible endless loop in BPF map iteration (git-fixes).
- btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes).
- btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes).
- btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes).
- btrfs: add debug build only WARN (bsc#1249038).
- btrfs: add function comment for check_committed_ref() (git-fixes).
- btrfs: always abort transaction on failure to add block group to free space tree (git-fixes).
- btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes).
- btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes).
- btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes).
- btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes).
- btrfs: codify pattern for adding block_group to bg_list (git-fixes).
- btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038).
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).
- btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).
- btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes).
- btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: enhance ASSERT() to take optional format string (bsc#1249038).
- btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes).
- btrfs: exit after state split error at set_extent_bit() (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949).
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes).
- btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes).
- btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes).
- btrfs: fix incorrect log message for nobarrier mount option (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid extref key setup when replaying dentry (git-fixes).
- btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes).
- btrfs: fix race between logging inode and checking if it was logged before (git-fixes).
- btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes).
- btrfs: fix squota compressed stats leak (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes).
- btrfs: fix the inode leak in btrfs_iget() (git-fixes).
- btrfs: fix two misuses of folio_shift() (git-fixes).
- btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes).
- btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038).
- btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes).
- btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes).
- btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes).
- btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes).
- btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes).
- btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes).
- btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes).
- btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes).
- btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes).
- btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949).
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes).
- btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes).
- btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes).
- btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes).
- btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes).
- btrfs: qgroup: remove no longer used fs_info->qgroup_ulist (git-fixes).
- btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes).
- btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes).
- btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes).
- btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes).
- btrfs: remove redundant path release when replaying a log tree (git-fixes).
- btrfs: remove the snapshot check from check_committed_ref() (git-fixes).
- btrfs: restore mount option info messages during mount (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: return any hit error from extent_writepage_io() (git-fixes).
- btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes).
- btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes).
- btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949).
- btrfs: simplify error detection flow during log replay (git-fixes).
- btrfs: simplify return logic at check_committed_ref() (git-fixes).
- btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes).
- btrfs: unfold transaction aborts when replaying log trees (git-fixes).
- btrfs: unify ordering of btrfs_key initializations (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- btrfs: use filemap_get_folio() helper (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes).
- btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes).
- btrfs: use verbose ASSERT() in volumes.c (bsc#1249038).
- build_bug.h: Add KABI assert (bsc#1249186).
- bus: firewall: Fix missing static inline annotations for stubs (git-fixes).
- bus: fsl-mc: Check return value of platform_get_resource() (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: ep: Fix chained transfer handling in read path (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes).
- bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes).
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes).
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes).
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- can: peak_usb: fix shift-out-of-bounds issue (git-fixes).
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes).
- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).
- cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166).
- cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166).
- cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405).
- cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405).
- cgroup: llist: avoid memory tears for llist_node (bsc#1247963).
- cgroup: make css_rstat_updated nmi safe (bsc#1247963).
- cgroup: remove per-cpu per-subsystem locks (bsc#1247963).
- cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963).
- char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: at91: sam9x7: update pll clk ranges (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: imx95-blk-ctl: Fix synchronous abort (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).
- clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes).
- clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes).
- clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes).
- clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes).
- clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes).
- clk: samsung: exynos850: fix a comment (git-fixes).
- clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes).
- clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).
- clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).
- comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes).
- comedi: fix race between polling and detaching (git-fixes).
- comedi: pcl726: Prevent invalid irq number (git-fixes).
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes).
- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes).
- config.sh: SLFO 1.2 branched in IBS
- config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206)
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- cpu: Define attack vectors (git-fixes).
- cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes).
- cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes).
- cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes)
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes)
- cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes).
- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes).
- cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes).
- cpufreq: Exit governor when failed to start old governor (stable-fixes).
- cpufreq: Init policy->rwsem before it may be possibly used (git-fixes).
- cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes).
- cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes).
- cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes).
- cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes).
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes).
- cpufreq: armada-8k: make both cpu masks static (git-fixes).
- cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes).
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes).
- cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes).
- cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes).
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes).
- cpufreq: mediatek: fix device leak on probe failure (git-fixes).
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).
- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).
- cpufreq: scpi: compare kHz instead of Hz (git-fixes).
- cpufreq: sun50i: prevent out-of-bounds access (git-fixes).
- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).
- cpufreq: tegra186: Share policy per cluster (stable-fixes).
- cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes).
- crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes).
- crypto: atmel - Fix dma_unmap_sg() direction (git-fixes).
- crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes).
- crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).
- crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes).
- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).
- crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes).
- crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes).
- crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: jitter - fix intermediary handling (stable-fixes).
- crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes).
- crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes).
- crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes).
- crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes).
- crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: rng - Ensure set_ent is always present (git-fixes).
- crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- devlink: Add support for u64 parameters (jsc#PED-13331).
- devlink: avoid param type value translations (jsc#PED-13331).
- devlink: define enum for attr types of dynamic attributes (jsc#PED-13331).
- devlink: introduce devlink_nl_put_u64() (jsc#PED-13331).
- devlink: let driver opt out of automatic phys_port_name generation (git-fixes).
- dm-mpath: do not print the "loaded" message if registering fails (git-fixes).
- dm-stripe: limit chunk_sectors to the stripe size (git-fixes).
- dm-table: fix checking for rq stackable devices (git-fixes).
- dm: Check for forbidden splitting of zone write operations (git-fixes).
- dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes).
- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes).
- dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes).
- dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes).
- dmaengine: idxd: Fix refcount underflow on module unload (git-fixes).
- dmaengine: idxd: Remove improper idxd_free (git-fixes).
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes).
- dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes).
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes).
- docs: admin-guide: update to current minimum pipe size default (git-fixes).
- dpll: Add basic Microchip ZL3073x support (jsc#PED-13331).
- dpll: Make ZL3073X invisible (jsc#PED-13331).
- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331).
- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331).
- dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331).
- dpll: zl3073x: Fix build failure (jsc#PED-13331).
- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331).
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331).
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331).
- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331).
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331).
- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).
- drivers/base/node: fix double free in register_one_node() (git-fixes).
- drivers/base/node: handle error properly in register_one_node() (git-fixes).
- drivers: base: handle module_kobject creation (git-fixes).
- drm/amd : Update MES API header file for v11 & v12 (stable-fixes).
- drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes).
- drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes).
- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).
- drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes).
- drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).
- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).
- drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).
- drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).
- drm/amd/display: Allow DCN301 to clear update flags (git-fixes).
- drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes).
- drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).
- drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).
- drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).
- drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes).
- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes).
- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).
- drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121).
- drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes).
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes).
- drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/display: Do not print errors for nonexistent connectors (git-fixes).
- drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes).
- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).
- drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes).
- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).
- drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes).
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).
- drm/amd/display: Fix mismatch type comparison (stable-fixes).
- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).
- drm/amd/display: Free memory allocation (stable-fixes).
- drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes).
- drm/amd/display: Initialize mode_select to 0 (stable-fixes).
- drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/display: Remove redundant semicolons (git-fixes).
- drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).
- drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes).
- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).
- drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes).
- drm/amd/display: fix dmub access race condition (bsc#1243112).
- drm/amd/display: fix initial backlight brightness calculation (git-fixes).
- drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes).
- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).
- drm/amd/display: remove output_tf_change flag (git-fixes).
- drm/amd/display: use udelay rather than fsleep (git-fixes).
- drm/amd/include : MES v11 and v12 API header update (stable-fixes).
- drm/amd/include : Update MES v12 API for fence update (stable-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes).
- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes).
- drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes).
- drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes).
- drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes).
- drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes).
- drm/amd/pm: fix null pointer access (stable-fixes).
- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (bsc#1243112).
- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).
- drm/amd: Fix hybrid sleep (bsc#1243112).
- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).
- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).
- drm/amd: Restore cached power limit during resume (stable-fixes).
- drm/amdgpu/discovery: fix fw based ip discovery (git-fixes).
- drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes).
- drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes).
- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).
- drm/amdgpu/mes: add missing locking in helper functions (stable-fixes).
- drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes).
- drm/amdgpu/mes: optimize compute loop handling (stable-fixes).
- drm/amdgpu/swm14: Update power limit logic (stable-fixes).
- drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes).
- drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes).
- drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes).
- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).
- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).
- drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes).
- drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes).
- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).
- drm/amdgpu: Increase reset counter only on success (stable-fixes).
- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).
- drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes).
- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).
- drm/amdgpu: Report individual reset error (bsc#1243112).
- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).
- drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes).
- drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes).
- drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes).
- drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes).
- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).
- drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes).
- drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes).
- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).
- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).
- drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).
- drm/amdgpu: fix vram reservation issue (git-fixes).
- drm/amdgpu: remove the redeclaration of variable i (git-fixes).
- drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).
- drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes).
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes).
- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).
- drm/ast: Use msleep instead of mdelay for edid read (git-fixes).
- drm/bridge: fix OF node leak (git-fixes).
- drm/bridge: it6505: select REGMAP_I2C (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes).
- drm/cirrus-qemu: Fix pitch programming (git-fixes).
- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).
- drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121).
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).
- drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121).
- drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121).
- drm/edid: Define the quirks in an enum list (bsc#1248121).
- drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes).
- drm/gem: Internally test import_attach for imported objects (git-fixes).
- drm/gem: Test for imported GEM buffers with helper (stable-fixes).
- drm/gma500: Fix null dereference in hdmi teardown (git-fixes).
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).
- drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes).
- drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes).
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes).
- drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes).
- drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes).
- drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes).
- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).
- drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes).
- drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes).
- drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes).
- drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes).
- drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes).
- drm/i915/icl+/tc: Cache the max lane count value (stable-fixes).
- drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes).
- drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes).
- drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes).
- drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes).
- drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).
- drm/mediatek: fix potential OF node use-after-free (git-fixes).
- drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm/dpu: fix incorrect type for ret (git-fixes).
- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).
- drm/msm: Add error handling for krealloc in metadata setup (stable-fixes).
- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).
- drm/msm: update the high bitfield of certain DSI registers (git-fixes).
- drm/msm: use trylock for debugfs (stable-fixes).
- drm/nouveau/disp: Always accept linear modifier (git-fixes).
- drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes).
- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).
- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).
- drm/nouveau: fix typos in comments (git-fixes).
- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).
- drm/nouveau: remove unused memory target test (git-fixes).
- drm/panel: novatek-nt35560: Fix invalid return value (git-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).
- drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes).
- drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes).
- drm/panthor: validate group queue count (git-fixes).
- drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes).
- drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/simpledrm: Do not upcast in release helpers (git-fixes).
- drm/tests: Fix endian warning (git-fixes).
- drm/ttm: Respect the shrinker core free target (stable-fixes).
- drm/ttm: Should to return the evict error (stable-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- drm/xe/bmg: Add new PCI IDs (stable-fixes).
- drm/xe/bmg: Add one additional PCI ID (stable-fixes).
- drm/xe/bmg: Update Wa_22019338487 (git-fixes).
- drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes).
- drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes).
- drm/xe/mocs: Initialize MOCS index early (stable-fixes).
- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).
- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).
- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).
- drm/xe/tile: Release kobject for the failure path (git-fixes).
- drm/xe/uapi: Correct sync type definition in comments (git-fixes).
- drm/xe/uapi: loosen used tracking restriction (git-fixes).
- drm/xe/vf: Disable CSC support on VF (git-fixes).
- drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes).
- drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes).
- drm/xe/xe_sync: avoid race during ufence signaling (git-fixes).
- drm/xe: Allow dropping kunit dependency as built-in (git-fixes).
- drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes).
- drm/xe: Carve out wopcm portion from the stolen memory (git-fixes).
- drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes).
- drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes).
- drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes).
- drm/xe: Fix build without debugfs (git-fixes).
- drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes).
- drm/xe: Move page fault init after topology init (git-fixes).
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes).
- drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes).
- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331).
- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331).
- e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes).
- e1000e: ignore uninitialized checksum word on tgp (git-fixes).
- efi: stmm: Fix incorrect buffer allocation method (git-fixes).
- erofs: avoid reading more for fragment maps (git-fixes).
- erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes).
- execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes).
- exfat: add cluster chain loop check for dir (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- ext4: remove writable userspace mappings before truncating page cache (bsc#1247223).
- fbcon: Fix OOB access in font allocation (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbcon: fix integer overflow in fbcon_do_set_font (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).
- fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes).
- fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes).
- firewire: core: fix overlooked update of subsystem ABI version (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes).
- firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes).
- firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes).
- firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes).
- firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes).
- firmware: firmware: meson-sm: fix compile-test default (git-fixes).
- firmware: meson_sm: fix device leak at probe (git-fixes).
- firmware: tegra: Fix IVC dependency problems (stable-fixes).
- flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes).
- fs/nfs/io: make nfs_start_io_*() killable (git-fixes).
- fs/proc/task_mmu: check p->vec_buf for NULL (git-fixes).
- fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450
- ftrace: Fix function profiler's filtering functionality (git-fixes).
- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).
- gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220).
- gfs2: Clean up delete work processing (bsc#1247220).
- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220).
- gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220).
- gfs2: Minor delete_work_func cleanup (bsc#1247220).
- gfs2: Only defer deletes when we have an iopen glock (bsc#1247220).
- gfs2: Prevent inode creation race (2) (bsc#1247220).
- gfs2: Prevent inode creation race (bsc#1247220).
- gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220).
- gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (bsc#1247220).
- gfs2: Rename dinode_demise to evict_behavior (bsc#1247220).
- gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220).
- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220).
- gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220).
- gfs2: Update to the evict / remote delete documentation (bsc#1247220).
- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220).
- gfs2: gfs2_evict_inode clarification (bsc#1247220).
- gfs2: minor evict fix (bsc#1247220).
- gfs2: skip if we cannot defer delete (bsc#1247220).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).
- gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- gpiolib: Extend software-node support to support secondary software-nodes (git-fixes).
- gve: Fix stuck TX queue for DQ queue format (git-fixes).
- gve: prevent ethtool ops after shutdown (git-fixes).
- habanalabs: fix UAF in export_dmabuf() (git-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).
- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).
- hv_netvsc: Link queues to NAPIs (git-fixes).
- hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes).
- hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes).
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- hwrng: nomadik - add ARM_AMBA dependency (git-fixes).
- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).
- i2c: designware: Add disabling clocks when probe fails (git-fixes).
- i2c: designware: Add quirk for Intel Xe (stable-fixes).
- i2c: designware: Fix clock issue when PM is disabled (git-fixes).
- i2c: designware: Use temporary variable for struct device (stable-fixes).
- i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes).
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes).
- i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes).
- i2c: omap: Add support for setting mux (stable-fixes).
- i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes).
- i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes).
- i2c: omap: fix deprecated of_property_read_bool() use (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: tegra: Use internal reset when reset property is not available (bsc#1249143)
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: Fix default I2C adapter timeout value (git-fixes).
- i3c: add missing include to internal header (stable-fixes).
- i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).
- i3c: master: svc: Recycle unused IBI slot (git-fixes).
- i3c: master: svc: Use manual response for IBI events (git-fixes).
- i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes).
- i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes).
- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes).
- ice, irdma: fix an off by one in error handling code (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice/ptp: fix crosstimestamp reporting (git-fixes).
- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
- ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762).
- ice: check correct pointer in fwlog debugfs (git-fixes).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: do not leave device non-functional if Tx scheduler config fails (git-fixes).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728).
- ice: fix incorrect counter for buffer allocation failures (git-fixes).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: init flow director before RDMA (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- ice: use fixed adapter index for E825C embedded devices (git-fixes).
- idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762).
- idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762).
- idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762).
- idpf: add cross timestamping (jsc#PED-13728).
- idpf: add flow steering support (jsc#PED-13728).
- idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762).
- idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762).
- idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762).
- idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728).
- idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762).
- idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762).
- idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728).
- idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762).
- idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).
- idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).
- idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762).
- idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762).
- idpf: improve when to set RE bit logic (jsc#PED-13728).
- idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762).
- idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762).
- idpf: preserve coalescing settings across resets (jsc#PED-13728).
- idpf: remove obsolete stashing code (jsc#PED-13728).
- idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762).
- idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728).
- idpf: set mac type when adding and removing MAC filters (jsc#PED-13728).
- idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728).
- idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728).
- idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762).
- igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes).
- igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes).
- igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes).
- iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762).
- iio/adc/pac1934: fix channel disable configuration (git-fixes).
- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes).
- iio: accel: fxls8962af: Fix temperature calculation (git-fixes).
- iio: adc: ad7173: fix setting ODR in probe (git-fixes).
- iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes).
- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).
- iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes).
- iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes).
- iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes).
- iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes).
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes).
- iio: dac: ad5360: use int type to store negative error codes (git-fixes).
- iio: dac: ad5421: use int type to store negative error codes (git-fixes).
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes).
- iio: frequency: adf4350: Fix prescaler usage (git-fixes).
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes).
- iio: hid-sensor-prox: Restore lost scale assignments (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes).
- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes).
- iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes).
- iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes).
- iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).
- iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).
- iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes).
- iio: light: as73211: Ensure buffer holes are zeroed (git-fixes).
- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).
- iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes).
- iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).
- iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes).
- iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes).
- iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes).
- integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).
- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).
- intel_idle: Rescan "dead" SMT siblings during initialization (jsc#PED-13815).
- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).
- interconnect: qcom: sc8180x: specify num_nodes (git-fixes).
- interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes).
- io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting.
- io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542).
- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).
- iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes).
- iommu/amd: Fix alias device DTE setting (git-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement (git-fixes).
- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).
- iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes).
- iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- iommu: Handle race with default domain setup (git-fixes).
- iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).
- ipmi: Fix strcpy source and destination the same (stable-fixes).
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).
- ipv6: annotate data-races around rt->fib6_nsiblings (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- isolcpus: add missing hunk back (bsc#1236897 bsc#1249206).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410).
- ixgbe: prevent from unwanted interface name changes (git-fixes).
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes).
- kABI fix after Add TDX support for vSphere (jsc#PED-13302).
- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- kABI fix after KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes).
- kABI workaround for "drm/dp: Add an EDID quirk for the DPCD register access probe" (bsc#1248121).
- kABI workaround for amd_sfh (git-fixes).
- kABI workaround for drm_gem.h (git-fixes).
- kABI workaround for struct mtk_base_afe changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes).
- kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes).
- kABI: netfilter: supress warnings for nft_set_ops (git-fixes).
- kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes).
- kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally
- kabi/severities: ignore two unused/dropped symbols from MEI
- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).
- kabi: Restore layout of parallel_data (bsc1248343).
- kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963).
- kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes).
- kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655).
- kbuild: rust: add rustc-min-version support function (git-fixes)
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel: globalize lookup_or_create_module_kobject() (stable-fixes).
- kernel: param: rename locate_module_kobject (stable-fixes).
- leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes).
- leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes).
- leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).
- leds: leds-lp55xx: Use correct address for memory programming (git-fixes).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes).
- libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762).
- livepatch: Add stack_order sysfs attribute (poo#187320).
- loop: use kiocb helpers to fix lockdep warning (git-fixes).
- lpfc: do not use file->f_path.dentry for comparisons (bsc#1250519).
- mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes).
- mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).
- mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes).
- mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes).
- mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes).
- mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes).
- mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes).
- mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes).
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).
- maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes).
- maple_tree: fix status setup on restore to active (git-fixes).
- maple_tree: fix testing for 32 bit builds (git-fixes).
- mctp: no longer rely on net->dev_index_head (git-fixes).
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- md: allow removing faulty rdev during resync (git-fixes).
- md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes).
- md: make rdev_addable usable for rcu mode (git-fixes).
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes).
- media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes).
- media: cx18: Add missing check after DMA map (git-fixes).
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).
- media: dvb-frontends: w7090p: fix null-ptr-deref in
w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: Fix reset GPIO timings (stable-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: i2c: mt9v111: fix incorrect type for ret (git-fixes).
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ipu-bridge: Add _HID for OV5670 (stable-fixes).
- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).
- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).
- media: lirc: Fix error handling in lirc_register() (git-fixes).
- media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes).
- media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: pci: ivtv: Add missing check after DMA map (git-fixes).
- media: pci: mg4b: fix uninitialized iio scan data (git-fixes).
- media: pisp_be: Fix pm_runtime underrun in probe (git-fixes).
- media: qcom: camss: cleanup media device allocated resource on error path (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: rc: fix races with imon_disconnect() (git-fixes).
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes).
- media: s5p-mfc: remove an unused/uninitialized variable (git-fixes).
- media: st-delta: avoid excessive stack usage (git-fixes).
- media: tc358743: Check I2C succeeded during probe (stable-fixes).
- media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).
- media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes).
- media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes).
- media: ti: j721e-csi2rx: fix list_del corruption (git-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).
- media: usb: hdpvr: disable zero-length read messages (stable-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes).
- media: uvcvideo: Rollback non processed entities on error (git-fixes).
- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes).
- media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: Fix MSM8998 frequency table (git-fixes).
- media: venus: Fix OOB read due to missing payload bound check (git-fixes).
- media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- media: zoran: Remove zoran_fh structure (git-fixes).
- mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).
- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).
- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).
- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).
- mei: vsc: Event notifier fixes (git-fixes).
- mei: vsc: Fix "BUG: Invalid wait context" lockdep error (git-fixes).
- mei: vsc: Run event callback from a workqueue (git-fixes).
- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8186 (git-fixes).
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes).
- memstick: Fix deadlock by moving removing flag earlier (git-fixes).
- mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes).
- mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes).
- mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes).
- mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes).
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes).
- microchip: lan865x: Fix LAN8651 autoloading (git-fixes).
- microchip: lan865x: Fix module autoloading (git-fixes).
- microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes).
- microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).
- misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes).
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (git-fixes).
- misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes).
- mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes).
- mm/damon/core: set quota->charged_from to jiffies at first charge window (git-fixes).
- mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes).
- mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes).
- mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes).
- mm/damon/sysfs: fix use-after-free in state_show() (git-fixes).
- mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087).
- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)
- mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes).
- mm: close theoretical race where stale TLB entries could linger (git-fixes).
- mm: fault in complete folios instead of individual pages for tmpfs (git-fixes).
- mm: fix the inaccurate memory statistics issue for users (bsc#1244723).
- mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes).
- mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes).
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630).
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630).
- mm: move page table sync declarations to linux/pgtable.h (git-fixes).
- mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes).
- mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes).
- mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).
- mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes).
- mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes).
- mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes).
- mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes).
- mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).
- mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- most: core: Drop device reference after usage in get_channel() (git-fixes).
- mptcp: fix spurious wake-up on under memory pressure (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: omap2: fix device leak on probe failure (git-fixes).
- mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes).
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER (git-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes).
- net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes).
- net/mlx5: CT: Use the correct counter offset (git-fixes).
- net/mlx5: Check device memory pointer before usage (git-fixes).
- net/mlx5: Correctly set gso_segs when LRO is used (git-fixes).
- net/mlx5: Correctly set gso_size when LRO is used (git-fixes).
- net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes).
- net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes).
- net/mlx5: Fix memory leak in cmd_exec() (git-fixes).
- net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes).
- net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes).
- net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes).
- net/mlx5: Nack sync reset when SFs are present (git-fixes).
- net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes).
- net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes).
- net/mlx5e: Add new prio for promiscuous mode (git-fixes).
- net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes).
- net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes).
- net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes).
- net/mlx5e: Set local Xoff after FW update (git-fixes).
- net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes).
- net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes).
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes).
- net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes).
- net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes).
- net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes).
- net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes).
- net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes).
- net: ieee8021q: fix insufficient table-size assertion (stable-fixes).
- net: llc: reset skb->transport_header (git-fixes).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726).
- net: mana: Add support for net_shaper_ops (bsc#1245726).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes).
- net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728).
- net: mana: Handle unsupported HWC commands (bsc#1245726).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mctp: handle skb cleanup on sock_queue failures (git-fixes).
- net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes).
- net: nfc: nci: Add parameter validation for packet data (git-fixes).
- net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes).
- net: phy: bcm54811: PHY initialization (stable-fixes).
- net: phy: fix phy_uses_state_machine() (git-fixes).
- net: phy: micrel: Add ksz9131_resume() (stable-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes).
- net: rose: convert 'use' field to refcount_t (git-fixes).
- net: rose: fix a typo in rose_clear_routes() (git-fixes).
- net: rose: include node references in rose_neigh refcount (git-fixes).
- net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes).
- net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).
- net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).
- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).
- net: usb: cdc-ncm: check for filtering capability (git-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes).
- net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes).
- net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netfilter: ctnetlink: fix refcount leak on table dump (git-fixes).
- netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes).
- netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes).
- netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes).
- netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes).
- netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes).
- netfilter: nf_tables: adjust lockdep assertions handling (git-fixes).
- netfilter: nf_tables: fix set size with rbtree backend (git-fixes).
- netfilter: nf_tables: imbalance in flowtable binding (git-fixes).
- netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes).
- netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes).
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes).
- netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes).
- netfilter: nft_tunnel: fix geneve_opt dump (git-fixes).
- netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes).
- netlink: fix policy dump for int with validation callback (jsc#PED-13331).
- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs/localio: add direct IO enablement with sync and async IO support (git-fixes).
- nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes).
- nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes).
- nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nouveau: fix disabling the nonstall irq due to storm code (git-fixes).
- nvme-auth: update bi_directional flag (git-fixes).
- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).
- nvme-pci: try function level reset on init failure (git-fixes).
- nvme-tcp: log TLS handshake failures at error level (git-fixes).
- nvme-tcp: send only permitted commands for secure concat (git-fixes).
- nvme: fix PI insert on write (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- nvmet: exit debugfs after discovery subsystem exits (git-fixes).
- nvmet: initialize discovery subsys after debugfs is initialized (git-fixes).
- nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes).
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes).
- objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes).
- objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes).
- of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes).
- of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes).
- of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes).
- of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes).
- of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes).
- of: unittest: Unlock on error in unittest_data_add() (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pNFS: Fix disk addr range check in block/scsi layout (git-fixes).
- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).
- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).
- pNFS: Handle RPC size limit for layoutcommits (git-fixes).
- percpu: fix race on alloc failed warning limit (git-fixes).
- perf bpf-event: Fix use-after-free in synthesis (git-fixes).
- perf bpf-utils: Constify bpil_array_desc (git-fixes).
- perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes).
- perf dso: Add missed dso__put to dso__load_kcore (git-fixes).
- perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes).
- perf parse-events: Set default GH modifier properly (git-fixes).
- perf record: Cache build-ID of hit DSOs only (git-fixes).
- perf sched: Fix memory leaks for evsel->priv in timehist (git-fixes).
- perf sched: Fix memory leaks in 'perf sched latency' (git-fixes).
- perf sched: Fix memory leaks in 'perf sched map' (git-fixes).
- perf sched: Fix thread leaks in 'perf sched timehist' (git-fixes).
- perf sched: Free thread->priv using priv_destructor (git-fixes).
- perf sched: Make sure it frees the usage string (git-fixes).
- perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes).
- perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes).
- perf test: Fix a build error in x86 topdown test (git-fixes).
- perf tests bp_account: Fix leaked file descriptor (git-fixes).
- perf tools: Remove libtraceevent in .gitignore (git-fixes).
- perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes).
- perf trace: Remove --map-dump documentation (git-fixes).
- phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes).
- phy: mscc: Fix parsing of unicast frames (git-fixes).
- phy: mscc: Fix timestamping for vsc8584 (git-fixes).
- phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes).
- phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes).
- phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes).
- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).
- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes).
- phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors (git-fixes).
- phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes).
- phy: tegra: xusb: fix device and OF node leak at probe (git-fixes).
- phy: ti-pipe3: fix device leak at unbind (git-fixes).
- phy: ti: omap-usb2: fix device leak at unbind (git-fixes).
- pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113).
- pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562).
- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).
- pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes).
- pinctrl: equilibrium: Remove redundant semicolons (git-fixes).
- pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes).
- pinctrl: renesas: Use int type to store negative error codes (git-fixes).
- pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes).
- pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes).
- pinctrl: stm32: Manage irq affinity settings (stable-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes).
- platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).
- platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes).
- platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes).
- platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes).
- platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).
- platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes).
- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes).
- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).
- platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes).
- platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes).
- platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes).
- platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes).
- platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes).
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes).
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: cw2015: Fix a alignment coding style issue (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- power: supply: max77976_charger: fix constant current reporting (git-fixes).
- power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).
- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).
- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes).
- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes).
- powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).
- powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).
- powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes).
- powerpc: do not build ppc_save_regs.o always (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- pptp: fix pptp_xmit() error path (git-fixes).
- printk: nbcon: Allow reacquire during panic (bsc#1246688).
- psample: adjust size if rate_as_probability is set (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes).
- pwm: berlin: Fix wrong register in suspend/resume (git-fixes).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Fix duty and period setting (git-fixes).
- pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).
- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).
- pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes).
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes).
- pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes).
- pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes).
- r8169: add support for RTL8125D (stable-fixes).
- r8169: disable RTL8126 ZRX-DC timeout (stable-fixes).
- r8169: do not scan PHY addresses > 0 (stable-fixes).
- rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes)
- regmap: Remove superfluous check for !config in __regmap_init() (git-fixes).
- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).
- regulator: scmi: Use int type to store negative error codes (git-fixes).
- regulator: sy7636a: fix lifecycle of power good gpio (git-fixes).
- reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).
- reset: eyeq: fix OF node leak (git-fixes).
- resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762).
- resource: fix false warning in __request_region() (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- ring-buffer: Make reading page consistent with the code logic (git-fixes).
- rpm/config.sh: SLFO 1.2 is now synced to OBS as well
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868).
- s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477).
- s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061).
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes).
- s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes).
- s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372).
- s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838).
- s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066).
- s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366).
- s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478).
- s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes).
- s390/sclp: Fix SCCB present check (git-fixes bsc#1249065).
- s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062).
- s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064).
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).
- samples: mei: Fix building on musl libc (git-fixes).
- sched/deadline: Always stop dl-server before changing parameters (bsc#1247936).
- sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936).
- sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936).
- sched/deadline: Fix dl_server_stopped() (bsc#1247936).
- sched/deadline: Initialize dl_servers after SMP (git-fixes)
- sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes)
- scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" (git-fixes).
- scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).
- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).
- scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519).
- scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519).
- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).
- scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186).
- scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186).
- scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186).
- scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186).
- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).
- scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186).
- scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).
- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).
- scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186).
- scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186).
- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).
- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes).
- scsi: qla2xxx: Remove firmware URL (git-fixes).
- scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes).
- scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes).
- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).
- scsi: smartpqi: Enhance WWID logging logic (bsc#1246631).
- scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631).
- scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631).
- scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes).
- scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes).
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes).
- scsi: ufs: core: Add missing post notify for power mode change (git-fixes).
- scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes).
- scsi: ufs: core: Always initialize the UIC done completion (git-fixes).
- scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes).
- scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes).
- scsi: ufs: core: Fix error return with query response (git-fixes).
- scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes).
- scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes).
- scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes).
- scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes).
- scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes).
- scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes).
- scsi: ufs: core: Remove redundant query_complete trace (git-fixes).
- scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes).
- scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes).
- scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes).
- scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes).
- scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes).
- scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes).
- scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes).
- scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes).
- scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes).
- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes).
- scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes).
- scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes).
- scsi: ufs: exynos: Remove empty drv_init method (git-fixes).
- scsi: ufs: exynos: Remove superfluous function parameter (git-fixes).
- scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes).
- scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes).
- scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes).
- scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes).
- scsi: ufs: qcom: Fix crypto key eviction (git-fixes).
- scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes).
- scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes).
- scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes).
- seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671).
- selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320).
- selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344).
- selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320).
- selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320).
- selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320).
- selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320).
- selftests/tracing: Fix false failure of subsystem event test (git-fixes).
- selftests: ALSA: fix memory leak in utimer test (git-fixes).
- selftests: livepatch: add new ftrace helpers functions (poo#187320).
- selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320).
- selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320).
- selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320).
- selftests: livepatch: save and restore kprobe state (poo#187320).
- selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320).
- selftests: livepatch: test livepatching a kprobed function (poo#187320).
- selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443).
- selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes).
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes).
- serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688).
- serial: 8250: fix panic due to PSLVERR (git-fixes).
- serial: max310x: Add error checking in probe() (git-fixes).
- serial: sc16is7xx: fix bug in flow control levels init (git-fixes).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).
- smb: client: fix netns refcount leak after net_passive changes (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).
- soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes).
- soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes).
- soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes).
- soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes).
- soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes).
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes).
- soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes).
- soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes).
- soundwire: amd: fix for handling slave alerts after link is down (git-fixes).
- soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: bcm2835: Remove redundant semicolons (git-fixes).
- spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes).
- spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes).
- spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979).
- spi: fix return code when spi device has too many chipselects (git-fixes).
- spi: mtk-snfi: Remove redundant semicolons (git-fixes).
- spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes).
- spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes).
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes).
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes).
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes).
- spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes).
- sprintf.h requires stdarg.h (git-fixes).
- sprintf.h: mask additional include (git-fixes).
- squashfs: fix memory leak in squashfs_fill_super (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).
- staging: axis-fifo: fix maximum TX packet length check (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).
- struct cdc_ncm_ctx: move new member to end (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- sunrpc: fix handling of server side tls alerts (git-fixes).
- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).
- supported.conf: Mark ZL3073X modules supported
- supported.conf: mark hyperv_drm as external
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes).
- thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes).
- thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes).
- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).
- thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes).
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).
- thunderbolt: Compare HMAC values in constant time (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes).
- tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes).
- tools/power turbostat: Fix build with musl (stable-fixes).
- tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes).
- tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes).
- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).
- trace/fgraph: Fix error handling (git-fixes).
- trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes).
- tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).
- tracing: Fix filter string testing (git-fixes).
- tracing: Fix using ret variable in tracing_set_tracer() (git-fixes).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- tracing: Switch trace.c code over to use guard() (git-fixes).
- tracing: Switch trace_events_hist.c code over to use guard() (git-fixes).
- tracing: fprobe events: Fix possible UAF on modules (git-fixes).
- tracing: tprobe-events: Fix leakage of module refcount (git-fixes).
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062).
- tty: n_gsm: Do not block input queue by waiting MSC (git-fixes).
- tty: serial: fix print format specifiers (stable-fixes).
- ublk: sanity check add_dev input for underflow (git-fixes).
- ublk: use vmalloc for ublk_device's __queues (git-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes).
- usb: core: Add 0x prefix to quirks debug output (stable-fixes).
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).
- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).
- usb: core: usb_submit_urb: downgrade type check (stable-fixes).
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).
- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).
- usb: dwc3: imx8mp: fix device leak at unbind (git-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).
- usb: dwc3: qcom: Do not leave BCR asserted (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).
- usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes).
- usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).
- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes).
- usb: typec: fusb302: cache PD RX state (git-fixes).
- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes).
- usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes).
- usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).
- usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).
- usb: xhci: Avoid showing errors during surprise removal (stable-fixes).
- usb: xhci: Avoid showing warnings for dying controller (stable-fixes).
- usb: xhci: Fix slot_id resource race conflict (git-fixes).
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).
- usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes).
- use uniform permission checks for all mount propagation changes (git-fixes).
- vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes).
- vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes).
- vhost-scsi: Fix log flooding with target does not exist errors (git-fixes).
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes).
- vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes).
- vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes).
- vhost: Reintroduce kthread API and add mode selection (git-fixes).
- vhost: fail early when __vhost_add_used() fails (git-fixes).
- virtchnl2: add flow steering support (jsc#PED-13728).
- virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728).
- virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762).
- virtio_net: Enforce minimum TX ring size for reliability (git-fixes).
- virtio_ring: Fix error reporting in virtqueue_resize (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes).
- vsock/virtio: Validate length in packet header before skb_put() (git-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: dw_wdt: Fix default timeout (stable-fixes).
- watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes).
- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes).
- wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes).
- wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix group data packet drops during rekey (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952).
- wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).
- wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).
- wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).
- wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).
- wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes).
- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes).
- wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath12k: fix the fetching of combined rssi (git-fixes).
- wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: ath12k: fix wrong logging ID used for CE (git-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: cfg80211: Fix interface type validation (stable-fixes).
- wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes).
- wifi: cfg80211: reject HTC bit for management frames (stable-fixes).
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes).
- wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes).
- wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).
- wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: Remove redundant header files (git-fixes).
- wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084).
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).
- wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes).
- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).
- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: iwlwifi: uefi: check DSM item validity (git-fixes).
- wifi: libertas: cap SSID len in lbs_associate() (git-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).
- wifi: mac80211: avoid weird state in error path (stable-fixes).
- wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).
- wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes).
- wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes).
- wifi: mac80211: fix incorrect type for ret (stable-fixes).
- wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).
- wifi: mac80211: increase scan_ies_len for S1G (stable-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).
- wifi: mt76: fix linked list corruption (git-fixes).
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes).
- wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes).
- wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes).
- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).
- wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes).
- wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes).
- wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes).
- wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes).
- wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes).
- wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes).
- wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes).
- wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes).
- wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes).
- wifi: mwifiex: send world regulatory domain to driver (git-fixes).
- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes).
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes).
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).
- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).
- wifi: rtw88: Fix macid assigned to TDLS station (git-fixes).
- wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).
- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes).
- wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes).
- wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes).
- wifi: virt_wifi: Fix page fault on connect (stable-fixes).
- wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes).
- writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776).
- writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776).
- writeback: Avoid excessively long inode switching times (bsc#1237776).
- writeback: Avoid softlockup when switching many inodes (bsc#1237776).
- x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704).
- x86/Kconfig: Add arch attack vector support (git-fixes).
- x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes).
- x86/boot: Sanitize boot params before parsing command line (git-fixes).
- x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes).
- x86/bugs: Add attack vector controls for BHI (git-fixes).
- x86/bugs: Add attack vector controls for GDS (git-fixes).
- x86/bugs: Add attack vector controls for ITS (git-fixes).
- x86/bugs: Add attack vector controls for L1TF (git-fixes).
- x86/bugs: Add attack vector controls for MDS (git-fixes).
- x86/bugs: Add attack vector controls for MMIO (git-fixes).
- x86/bugs: Add attack vector controls for RFDS (git-fixes).
- x86/bugs: Add attack vector controls for SRBDS (git-fixes).
- x86/bugs: Add attack vector controls for SRSO (git-fixes).
- x86/bugs: Add attack vector controls for SSB (git-fixes).
- x86/bugs: Add attack vector controls for TAA (git-fixes).
- x86/bugs: Add attack vector controls for TSA (git-fixes).
- x86/bugs: Add attack vector controls for retbleed (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v1 (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v2 (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes).
- x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes).
- x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes).
- x86/bugs: Avoid warning when overriding return thunk (git-fixes).
- x86/bugs: Clean up SRSO microcode handling (git-fixes).
- x86/bugs: Define attack vectors relevant for each bug (git-fixes).
- x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes).
- x86/bugs: Introduce cdt_possible() (git-fixes).
- x86/bugs: Print enabled attack vectors (git-fixes).
- x86/bugs: Remove its=stuff dependency on retbleed (git-fixes).
- x86/bugs: Select best SRSO mitigation (git-fixes).
- x86/bugs: Simplify the retbleed=stuff checks (git-fixes).
- x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes).
- x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes).
- x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes).
- x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes).
- x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes).
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).
- x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes).
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes).
- x86/fpu: Delay instruction pointer fixup until after warning (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes).
- x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes).
- x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes).
- x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes).
- x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes).
- x86/microcode: Consolidate the loader enablement checking (git-fixes).
- x86/microcode: Update the Intel processor flag scan check (git-fixes).
- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes).
- x86/mm/pat: do not collapse pages without PSE set (git-fixes).
- x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (git-fixes).
- x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (git-fixes).
- x86/pkeys: Simplify PKRU update in signal frame (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/pti: Add attack vector controls for PTI (git-fixes).
- x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes).
- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).
- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).
- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).
- x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes).
- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes).
- xen/netfront: Fix TX response spurious interrupts (git-fixes).
- xen: fix UAF in dmabuf_exp_from_pages() (git-fixes).
- xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO (git-fixes).
- xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes).
- xfs: do not propagate ENODATA disk errors into xattr code (git-fixes).
- xfs: fix scrub trace with null pointer in quotacheck (git-fixes).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_discard_rtrelax (git-fixes).
- xfs: remove unused trace event xfs_log_cil_return (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes).
- xhci: dbc: decouple endpoint allocation from initialization (git-fixes).
- xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes).
- xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes).
- zram: permit only one post-processing operation at a time (git-fixes).
Patchnames
SUSE-SL-Micro-6.2-50
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).\n- CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953).\n- CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108).\n- CVE-2024-57952: Revert \"libfs: fix infinite directory reads for offset dir\" (bsc#1237131).\n- CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324).\n- CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435).\n- CVE-2025-22077: Revert \"smb: client: fix TCP timers deadlock after rmmod\" (bsc#1241403).\n- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).\n- CVE-2025-37821: sched/eevdf: Fix se-\u003eslice being set to U64_MAX and resulting (bsc#1242864).\n- CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000).\n- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).\n- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).\n- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).\n- CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000).\n- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).\n- CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812).\n- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).\n- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).\n- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).\n- CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659).\n- CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).\n- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).\n- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).\n- CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700).\n- CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).\n- CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).\n- CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).\n- CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763).\n- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).\n- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).\n- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).\n- CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).\n- CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).\n- CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).\n- CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).\n- CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).\n- CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).\n- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).\n- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).\n- CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176).\n- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).\n- CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).\n- CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).\n- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).\n- CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter-\u003ememcg_path on write (bsc#1246185).\n- CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248).\n- CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245).\n- CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252).\n- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).\n- CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351).\n- CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366).\n- CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376).\n- CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444).\n- CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447).\n- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).\n- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).\n- CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260).\n- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).\n- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).\n- CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782).\n- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).\n- CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).\n- CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).\n- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).\n- CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024).\n- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).\n- CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250).\n- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).\n- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).\n- CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262).\n- CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126).\n- CVE-2025-38418: remoteproc: core: Release rproc-\u003eclean_table after rproc_attach() fails (bsc#1247137).\n- CVE-2025-38419: remoteproc: core: Cleanup acquired resources when\n rproc_handle_resources() fails in rproc_attach() (bsc#1247136).\n- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).\n- CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).\n- CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290).\n- CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).\n- CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).\n- CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).\n- CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102).\n- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).\n- CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099).\n- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).\n- CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).\n- CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).\n- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).\n- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).\n- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).\n- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).\n- CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).\n- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).\n- CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).\n- CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).\n- CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283).\n- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).\n- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).\n- CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190).\n- CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202).\n- CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).\n- CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192).\n- CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199).\n- CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200).\n- CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211).\n- CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225).\n- CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224).\n- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).\n- CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235).\n- CVE-2025-38554: mm: fix a UAF when vma-\u003emm is freed after vma-\u003evm_refcnt got dropped (bsc#1248299).\n- CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296).\n- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).\n- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374).\n- CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401).\n- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).\n- CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365).\n- CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343).\n- CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368).\n- CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357).\n- CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378).\n- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).\n- CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392).\n- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512).\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).\n- CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619).\n- CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610).\n- CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616).\n- CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674).\n- CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622).\n- CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).\n- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).\n- CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634).\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).\n- CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775).\n- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).\n- CVE-2025-38684: net/sched: ets: use old \u0027nbands\u0027 while purging unused classes (bsc#1249156).\n- CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258).\n- CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199).\n- CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201).\n- CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172).\n- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300).\n- CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303).\n- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).\n- CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322).\n- CVE-2025-39703: net, hsr: reject HSR frame if skb can\u0027t hold tag (bsc#1249315).\n- CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314).\n- CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494).\n- CVE-2025-39749: rcu: Protect -\u003edefer_qs_iw_pending from data race (bsc#1249533).\n- CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524).\n- CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510).\n- CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508).\n- CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504).\n- CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500).\n- CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526).\n- CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550).\n- CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618).\n- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI (bsc#1249608).\n- CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032).\n- CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906).\n- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).\n- CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179).\n- CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205).\n- CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974).\n- CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365).\n- CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267).\n- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).\n- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258).\n- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).\n- CVE-2025-39854: ice: fix NULL access of tx-\u003ein_use in ice_ll_ts_intr (bsc#1250297).\n- CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251).\n- CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294).\n- CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398).\n- CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407).\n- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).\n- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722).\n- CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483).\n- CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387).\n\nThe following non-security bugs were fixed:\n\n- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).\n- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).\n- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).\n- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).\n- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).\n- ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes).\n- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).\n- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes).\n- ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes).\n- ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes).\n- ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes).\n- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes).\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- ACPI: debug: fix signedness issues in read/write helpers (git-fixes).\n- ACPI: pfr_update: Fix the driver update version check (git-fixes).\n- ACPI: processor: Rescan \"dead\" SMT siblings during initialization (jsc#PED-13815).\n- ACPI: processor: fix acpi_object initialization (stable-fixes).\n- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes).\n- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).\n- ACPI: processor: perflib: Move problematic pr-\u003eperformance check (git-fixes).\n- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).\n- ACPICA: Fix largest possible resource descriptor index (git-fixes).\n- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes).\n- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).\n- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).\n- ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes).\n- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes).\n- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).\n- ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes).\n- ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes).\n- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes).\n- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes).\n- ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes).\n- ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes).\n- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).\n- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).\n- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).\n- ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes).\n- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).\n- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).\n- ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).\n- ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes).\n- ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes).\n- ALSA: hda: Disable jack polling at shutdown (stable-fixes).\n- ALSA: hda: Handle the jack polling always via a work (stable-fixes).\n- ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes).\n- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).\n- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).\n- ALSA: lx_core: use int type to store negative error codes (git-fixes).\n- ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes).\n- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).\n- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).\n- ALSA: timer: fix ida_free call while not allocated (git-fixes).\n- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes).\n- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes).\n- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes).\n- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes).\n- ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes).\n- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).\n- ALSA: usb-audio: Convert comma to semicolon (git-fixes).\n- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes).\n- ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).\n- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).\n- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).\n- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).\n- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes).\n- ALSA: usb-audio: move mixer_quirks\u0027 min_mute into common quirk (stable-fixes).\n- ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).\n- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes).\n- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes).\n- ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes).\n- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).\n- ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes).\n- ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes).\n- ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes).\n- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes).\n- ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes).\n- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).\n- ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes).\n- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).\n- ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes).\n- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).\n- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).\n- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).\n- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).\n- ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).\n- ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes).\n- ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes).\n- ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes).\n- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).\n- ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes).\n- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).\n- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).\n- ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes).\n- ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes).\n- ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).\n- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).\n- ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes).\n- ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes).\n- ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes).\n- ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes).\n- ASoC: qcom: use drvdata instead of component to keep id (stable-fixes).\n- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).\n- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).\n- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).\n- ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes).\n- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes).\n- ASoC: wm8940: Correct PLL rate rounding (git-fixes).\n- ASoC: wm8940: Correct typo in control name (git-fixes).\n- ASoC: wm8974: Correct PLL rate rounding (git-fixes).\n- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes).\n- Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes).\n- Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes).\n- Bluetooth: ISO: free rx_skb if not consumed (git-fixes).\n- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes).\n- Bluetooth: MGMT: Fix possible UAFs (git-fixes).\n- Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes).\n- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).\n- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).\n- Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes).\n- Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).\n- Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes).\n- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).\n- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes).\n- Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).\n- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).\n- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).\n- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).\n- Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).\n- Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes).\n- Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes).\n- Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes).\n- Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes).\n- Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes).\n- Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).\n- Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes).\n- CONFIG \u0026 no reference -\u003e OK temporarily, must be resolved eventually\n- Disable CET before shutdown by tboot (bsc#1247950).\n- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).\n- Documentation/x86: Document new attack vector controls (git-fixes).\n- Documentation: ACPI: Fix parent device references (git-fixes).\n- Documentation: KVM: Fix unexpected unindent warning (git-fixes).\n- Documentation: KVM: Fix unexpected unindent warnings (git-fixes).\n- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).\n- Drop ath12k patch that was reverted in the upstream (git-fixes)\n- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).\n- Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone\n using CMA or investigating CMA issues, with a small and simple code base\n and no runtime overhead.\n- Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325)\n- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256).\n- Fix bogus i915 patch backport (bsc#1238972) It\u0027s been already cherry-picked in 6.12 kernel itself.\n- Fix dma_unmap_sg() nents value (git-fixes)\n- HID: amd_sfh: Add sync across amd sfh work functions (git-fixes).\n- HID: apple: avoid setting up battery timer for devices without battery (git-fixes).\n- HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes).\n- HID: asus: add support for missing PX series fn keys (stable-fixes).\n- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).\n- HID: core: do not bypass hid_hw_raw_request (stable-fixes).\n- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).\n- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes).\n- HID: hidraw: tighten ioctl command parsing (git-fixes).\n- HID: input: rename hidinput_set_battery_charge_status() (stable-fixes).\n- HID: input: report battery status changes immediately (git-fixes).\n- HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes).\n- HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes).\n- HID: magicmouse: avoid setting up battery timer when not needed (git-fixes).\n- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).\n- HID: quirks: add support for Legion Go dual dinput modes (stable-fixes).\n- HID: wacom: Add a new Art Pen 2 (stable-fixes).\n- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes)\n- IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes)\n- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes).\n- Input: iqs7222 - avoid enabling unused interrupts (stable-fixes).\n- Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes).\n- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).\n- KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes).\n- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).\n- KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes).\n- KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes).\n- KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes).\n- KVM: Conditionally reschedule when resetting the dirty ring (git-fixes).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes).\n- KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).\n- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes).\n- KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302).\n- KVM: TDX: Do not report base TDVMCALLs (git-fixes).\n- KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302).\n- KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302).\n- KVM: TDX: Handle TDG.VP.VMCALL\u0026lt;GetQuote\u003e (jsc#PED-13302).\n- KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302).\n- KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host\u0027s DEBUGCTL (git-fixes).\n- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).\n- KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302).\n- KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes).\n- KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes).\n- KVM: arm64: Fix error path in init_hyp_mode() (git-fixes).\n- KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes).\n- KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes).\n- KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124).\n- KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123).\n- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).\n- KVM: x86/xen: Allow \u0027out of range\u0027 event channel ports in IRQ routing table (git-fixes).\n- KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes).\n- KVM: x86: Convert vcpu_run()\u0027s immediate exit param into a generic bitmap (git-fixes).\n- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes).\n- KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes).\n- KVM: x86: avoid underflow when scaling TSC frequency (git-fixes).\n- Limit patch filenames to 100 characters (bsc#1249604).\n- Move upstreamed SPI patch into sorted section\n- NFS: Fix a race when updating an existing write (git-fixes).\n- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).\n- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).\n- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).\n- NFS: Fixup allocation flags for nfsiod\u0027s __GFP_NORETRY (git-fixes).\n- NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes).\n- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).\n- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).\n- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).\n- NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes).\n- NFSv4.2: another fix for listxattr (git-fixes).\n- NFSv4/flexfiles: Fix layout merge mirror check (git-fixes).\n- NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes).\n- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes).\n- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes).\n- NFSv4: Do not clear capabilities that won\u0027t be reset (git-fixes).\n- Octeontx2-af: Skip overlap check for SPI field (git-fixes).\n- PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes).\n- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).\n- PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes).\n- PCI/ERR: Fix uevent on failure to recover (git-fixes).\n- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes).\n- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).\n- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).\n- PCI/pwrctrl: Fix device leak at registration (git-fixes).\n- PCI/sysfs: Ensure devices are powered for config reads (git-fixes).\n- PCI: Extend isolated function probing to LoongArch (git-fixes).\n- PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes).\n- PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).\n- PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes).\n- PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).\n- PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes).\n- PCI: endpoint: Fix configfs group list head handling (git-fixes).\n- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).\n- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).\n- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).\n- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).\n- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).\n- PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes).\n- PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes).\n- PCI: imx6: Delay link start until configfs \u0027start\u0027 written (git-fixes).\n- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).\n- PCI: j721e: Fix incorrect error message in probe() (git-fixes).\n- PCI: j721e: Fix programming sequence of \"strap\" settings (git-fixes).\n- PCI: keystone: Use devm_request_irq() to free \"ks-pcie-error-irq\" on exit (git-fixes).\n- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).\n- PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).\n- PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).\n- PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes).\n- PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes).\n- PCI: rcar-gen4: Fix PHY initialization (git-fixes).\n- PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes).\n- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).\n- PCI: rcar-host: Drop PMSR spinlock (git-fixes).\n- PCI: rockchip-host: Fix \"Unexpected Completion\" log message (git-fixes).\n- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).\n- PCI: rockchip: Use standard PCIe definitions (git-fixes).\n- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes).\n- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).\n- PCI: tegra194: Handle errors in BPMP response (git-fixes).\n- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).\n- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes).\n- PCI: tegra: Fix devm_kcalloc() argument order for port-\u003ephys allocation (git-fixes).\n- PCI: xilinx-nwl: Fix ECAM programming (git-fixes).\n- PM / devfreq: Check governor before using governor-\u003ename (git-fixes).\n- PM / devfreq: Fix a index typo in trans_stat (git-fixes).\n- PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).\n- PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes).\n- PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes).\n- PM: EM: use kfree_rcu() to simplify the code (stable-fixes).\n- PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes).\n- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).\n- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).\n- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).\n- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).\n- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).\n- PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes).\n- PM: sleep: console: Fix the black screen issue (stable-fixes).\n- PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes).\n- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).\n- RAS/AMD/FMPM: Get masked address (bsc#1242034).\n- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)\n- RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes)\n- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)\n- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)\n- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)\n- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes)\n- RDMA/core: Rate limit GID cache warning messages (git-fixes)\n- RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes)\n- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)\n- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)\n- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)\n- RDMA/hns: Drop GFP_NOWARN (git-fixes)\n- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)\n- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)\n- RDMA/hns: Fix accessing uninitialized resources (git-fixes)\n- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)\n- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)\n- RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes)\n- RDMA/hns: Get message length of ack_req from FW (git-fixes)\n- RDMA/mana_ib: Add device statistics support (bsc#1246651).\n- RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135).\n- RDMA/mana_ib: Extend modify QP (bsc#1251135).\n- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).\n- RDMA/mana_ib: add additional port counters (git-fixes).\n- RDMA/mana_ib: add support of multiple ports (git-fixes).\n- RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes)\n- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn\u0027t set (git-fixes)\n- RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes)\n- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)\n- RDMA/rxe: Fix race in do_task() when draining (git-fixes)\n- RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes)\n- RDMA/siw: Always report immediate post SQ errors (git-fixes)\n- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)\n- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)\n- README.BRANCH: mfranc@suse.cz leaving SUSE\n- RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348).\n- Reapply \"wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue()\" (git-fixes).\n- Reapply \"x86/smp: Eliminate mwait_play_dead_cpuid_hint()\" (jsc#PED-13815).\n- Revert \"SUNRPC: Do not allow waiting for exiting tasks\" (git-fixes).\n- Revert \"drm/amdgpu: fix incorrect vm flags to map bo\" (stable-fixes).\n- Revert \"drm/nouveau: check ioctl command codes better\" (git-fixes).\n- Revert \"gpio: mlxbf3: only get IRQ for device instance 0\" (git-fixes).\n- Revert \"leds: trigger: netdev: Configure LED blink interval for HW offload\" (git-fixes).\n- Revert \"mac80211: Dynamically set CoDel parameters per station\" (stable-fixes).\n- Revert \"usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running\" (git-fixes).\n- Revert \"vgacon: Add check for vc_origin address range in vgacon_scroll()\" (stable-fixes).\n- Revert \"wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO\" (git-fixes).\n- SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes).\n- Squashfs: add additional inode sanity checking (git-fixes).\n- Squashfs: fix uninit-value in squashfs_get_parent (git-fixes).\n- Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes).\n- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes).\n- USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes).\n- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).\n- USB: serial: option: add Foxconn T99W640 (stable-fixes).\n- USB: serial: option: add Foxconn T99W709 (stable-fixes).\n- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes).\n- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).\n- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).\n- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.\n- Update config files: revive pwc driver for Leap (bsc#1249060)\n- accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes).\n- accel/ivpu: Correct DCT interrupt handling (git-fixes).\n- accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes).\n- accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes).\n- accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes).\n- amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes).\n- aoe: defer rexmit timer downdev work to workqueue (git-fixes).\n- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).\n- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes)\n- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes)\n- arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes)\n- arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes)\n- arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes)\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes)\n- arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes)\n- arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes)\n- arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes)\n- arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes)\n- arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes)\n- arm64: Filter out SME hwcaps when FEAT_SME isn\u0027t implemented (git-fixes)\n- arm64: Handle KCOV __init vs inline mismatches (git-fixes)\n- arm64: Mark kernel as tainted on SAE and SError panic (git-fixes)\n- arm64: Restrict pagetable teardown to avoid false warning (git-fixes)\n- arm64: config: Make tpm_tis_spi module build-in (bsc#1246896)\n- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)\n- arm64: dts: add big-endian property back into watchdog node (git-fixes)\n- arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes)\n- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes)\n- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes)\n- arm64: dts: exynos: gs101: Add \u0027local-timer-stop\u0027 to cpuidle nodes (git-fixes)\n- arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes)\n- arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes)\n- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes)\n- arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)\n- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes)\n- arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)\n- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes)\n- arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes)\n- arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes)\n- arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes)\n- arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes)\n- arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes)\n- arm64: dts: imx8mp: Correct thermal sensor index (git-fixes)\n- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes)\n- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes)\n- arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes)\n- arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes)\n- arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes)\n- arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes)\n- arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes)\n- arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes)\n- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes).\n- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes)\n- arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes)\n- arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes)\n- arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes)\n- arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes)\n- arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes)\n- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes)\n- arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes)\n- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes)\n- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes)\n- arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes)\n- arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes)\n- arm64: dts: st: fix timer used for ticks (git-fixes)\n- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes)\n- arm64: map [_text, _stext) virtual address range (git-fixes)\n- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)\n- arm64: poe: Handle spurious Overlay faults (git-fixes)\n- arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes)\n- arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes)\n- arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes)\n- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes)\n- arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes)\n- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes)\n- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes)\n- ata: ahci: Disable DIPM if host lacks support (stable-fixes).\n- ata: ahci: Disallow LPM policy control if not supported (stable-fixes).\n- ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes).\n- ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes).\n- ata: libata-scsi: Fix CDL control (git-fixes).\n- audit,module: restore audit logging in load failure case (git-fixes).\n- ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes).\n- batman-adv: fix OOB read/write in network-coding decode (git-fixes).\n- benet: fix BUG when creating VFs (git-fixes).\n- block: Introduce bio_needs_zone_write_plugging() (git-fixes).\n- block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552).\n- block: ensure discard_granularity is zero when discard is not supported (git-fixes).\n- block: fix kobject leak in blk_unregister_queue (git-fixes).\n- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).\n- block: sanitize chunk_sectors for atomic write limits (git-fixes).\n- bnxt_en: Add a helper function to configure MRU and RSS (git-fixes).\n- bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes).\n- bnxt_en: Fix DCB ETS validation (git-fixes).\n- bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes).\n- bnxt_en: Fix stats context reservation logic (git-fixes).\n- bnxt_en: Flush FW trace before copying to the coredump (git-fixes).\n- bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes).\n- bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes).\n- bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes)\n- bpf, arm64: Fix fp initialization for exception boundary (git-fixes)\n- bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes).\n- bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes).\n- bpf: Adjust free target to avoid global starvation of LRU map (git-fixes).\n- bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes).\n- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).\n- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).\n- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).\n- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).\n- bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes).\n- bpf: Forget ranges when refining tnum after JSET (git-fixes).\n- bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes).\n- bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes).\n- bpf: Reject %p% format string in bprintf-like helpers (git-fixes).\n- bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes).\n- bpf: Reject narrower access to pointer ctx fields (git-fixes).\n- bpf: Return prog btf_id without capable check (git-fixes).\n- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).\n- bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes).\n- bpf: fix possible endless loop in BPF map iteration (git-fixes).\n- btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes).\n- btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes).\n- btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes).\n- btrfs: add debug build only WARN (bsc#1249038).\n- btrfs: add function comment for check_committed_ref() (git-fixes).\n- btrfs: always abort transaction on failure to add block group to free space tree (git-fixes).\n- btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes).\n- btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes).\n- btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes).\n- btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes).\n- btrfs: codify pattern for adding block_group to bg_list (git-fixes).\n- btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038).\n- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).\n- btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).\n- btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540).\n- btrfs: do not ignore inode missing when replaying log tree (git-fixes).\n- btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes).\n- btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949).\n- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).\n- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).\n- btrfs: enhance ASSERT() to take optional format string (bsc#1249038).\n- btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes).\n- btrfs: exit after state split error at set_extent_bit() (git-fixes).\n- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)\n- btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949).\n- btrfs: fix assertion when building free space tree (git-fixes).\n- btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes).\n- btrfs: fix data overwriting bug during buffered write when block size \u0026lt; page size (git-fixes).\n- btrfs: fix data race when accessing the inode\u0027s disk_i_size at btrfs_drop_extents() (git-fixes).\n- btrfs: fix incorrect log message for nobarrier mount option (git-fixes).\n- btrfs: fix inode lookup error handling during log replay (git-fixes).\n- btrfs: fix invalid extref key setup when replaying dentry (git-fixes).\n- btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes).\n- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).\n- btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes).\n- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).\n- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).\n- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).\n- btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes).\n- btrfs: fix race between logging inode and checking if it was logged before (git-fixes).\n- btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes).\n- btrfs: fix squota compressed stats leak (git-fixes).\n- btrfs: fix ssd_spread overallocation (git-fixes).\n- btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes).\n- btrfs: fix the inode leak in btrfs_iget() (git-fixes).\n- btrfs: fix two misuses of folio_shift() (git-fixes).\n- btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes).\n- btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038).\n- btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes).\n- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)\n- btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes).\n- btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes).\n- btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes).\n- btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes).\n- btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes).\n- btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes).\n- btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes).\n- btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes).\n- btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes).\n- btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949).\n- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).\n- btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes).\n- btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes).\n- btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes).\n- btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes).\n- btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes).\n- btrfs: qgroup: remove no longer used fs_info-\u003eqgroup_ulist (git-fixes).\n- btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes).\n- btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes).\n- btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes).\n- btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes).\n- btrfs: remove redundant path release when replaying a log tree (git-fixes).\n- btrfs: remove the snapshot check from check_committed_ref() (git-fixes).\n- btrfs: restore mount option info messages during mount (git-fixes).\n- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).\n- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).\n- btrfs: return any hit error from extent_writepage_io() (git-fixes).\n- btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes).\n- btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes).\n- btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949).\n- btrfs: simplify error detection flow during log replay (git-fixes).\n- btrfs: simplify return logic at check_committed_ref() (git-fixes).\n- btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes).\n- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).\n- btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes).\n- btrfs: unfold transaction aborts when replaying log trees (git-fixes).\n- btrfs: unify ordering of btrfs_key initializations (git-fixes).\n- btrfs: update superblock\u0027s device bytes_used when dropping chunk (git-fixes).\n- btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949).\n- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).\n- btrfs: use filemap_get_folio() helper (git-fixes).\n- btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes).\n- btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes).\n- btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes).\n- btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes).\n- btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes).\n- btrfs: use verbose ASSERT() in volumes.c (bsc#1249038).\n- build_bug.h: Add KABI assert (bsc#1249186).\n- bus: firewall: Fix missing static inline annotations for stubs (git-fixes).\n- bus: fsl-mc: Check return value of platform_get_resource() (git-fixes).\n- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).\n- bus: mhi: ep: Fix chained transfer handling in read path (git-fixes).\n- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).\n- bus: mhi: host: Do not use uninitialized \u0027dev\u0027 pointer in mhi_init_irq_setup() (git-fixes).\n- bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes).\n- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).\n- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).\n- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).\n- can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes).\n- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes).\n- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes).\n- can: kvaser_pciefd: Store device channel index (git-fixes).\n- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).\n- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).\n- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).\n- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).\n- can: peak_usb: fix shift-out-of-bounds issue (git-fixes).\n- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes).\n- can: rcar_canfd: Fix controller mode setting (stable-fixes).\n- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).\n- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes).\n- cdc-acm: fix race between initial clearing halt and open (git-fixes).\n- cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes).\n- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).\n- cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166).\n- cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166).\n- cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405).\n- cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405).\n- cgroup: llist: avoid memory tears for llist_node (bsc#1247963).\n- cgroup: make css_rstat_updated nmi safe (bsc#1247963).\n- cgroup: remove per-cpu per-subsystem locks (bsc#1247963).\n- cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963).\n- char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).\n- clk: at91: peripheral: fix return value (git-fixes).\n- clk: at91: sam9x7: update pll clk ranges (git-fixes).\n- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).\n- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).\n- clk: imx95-blk-ctl: Fix synchronous abort (git-fixes).\n- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).\n- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).\n- clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes).\n- clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes).\n- clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes).\n- clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes).\n- clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes).\n- clk: samsung: exynos850: fix a comment (git-fixes).\n- clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes).\n- clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes).\n- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).\n- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).\n- clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes).\n- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).\n- comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).\n- comedi: Make insn_rw_emulate_bits() do insn-\u003en samples (git-fixes).\n- comedi: fix race between polling and detaching (git-fixes).\n- comedi: pcl726: Prevent invalid irq number (git-fixes).\n- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes).\n- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes).\n- config.sh: SLFO 1.2 branched in IBS\n- config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206)\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- cpu: Define attack vectors (git-fixes).\n- cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes).\n- cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes).\n- cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes)\n- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes)\n- cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes).\n- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes).\n- cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes).\n- cpufreq: Exit governor when failed to start old governor (stable-fixes).\n- cpufreq: Init policy-\u003erwsem before it may be possibly used (git-fixes).\n- cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes).\n- cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes).\n- cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes).\n- cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes).\n- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes).\n- cpufreq: armada-8k: make both cpu masks static (git-fixes).\n- cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes).\n- cpufreq: governor: Fix negative \u0027idle_time\u0027 handling in dbs_update() (git-fixes).\n- cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes).\n- cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes).\n- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes).\n- cpufreq: mediatek: fix device leak on probe failure (git-fixes).\n- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).\n- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).\n- cpufreq: scpi: compare kHz instead of Hz (git-fixes).\n- cpufreq: sun50i: prevent out-of-bounds access (git-fixes).\n- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).\n- cpufreq: tegra186: Share policy per cluster (stable-fixes).\n- cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes).\n- crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes).\n- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).\n- crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes).\n- crypto: atmel - Fix dma_unmap_sg() direction (git-fixes).\n- crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes).\n- crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes).\n- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).\n- crypto: ccp - Fix locking on alloc failure handling (git-fixes).\n- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).\n- crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes).\n- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).\n- crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes).\n- crypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs (git-fixes).\n- crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes).\n- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).\n- crypto: jitter - fix intermediary handling (stable-fixes).\n- crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes).\n- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).\n- crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes).\n- crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes).\n- crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes).\n- crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes).\n- crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).\n- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).\n- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).\n- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).\n- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).\n- crypto: qat - fix state restore for banks with exceptions (git-fixes).\n- crypto: qat - flush misc workqueue during device shutdown (git-fixes).\n- crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).\n- crypto: qat - use unmanaged allocation for dc_data (git-fixes).\n- crypto: rng - Ensure set_ent is always present (git-fixes).\n- crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).\n- devlink: Add support for u64 parameters (jsc#PED-13331).\n- devlink: avoid param type value translations (jsc#PED-13331).\n- devlink: define enum for attr types of dynamic attributes (jsc#PED-13331).\n- devlink: introduce devlink_nl_put_u64() (jsc#PED-13331).\n- devlink: let driver opt out of automatic phys_port_name generation (git-fixes).\n- dm-mpath: do not print the \"loaded\" message if registering fails (git-fixes).\n- dm-stripe: limit chunk_sectors to the stripe size (git-fixes).\n- dm-table: fix checking for rq stackable devices (git-fixes).\n- dm: Check for forbidden splitting of zone write operations (git-fixes).\n- dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes).\n- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes).\n- dmaengine: Fix dma_async_tx_descriptor-\u003etx_submit documentation (git-fixes).\n- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).\n- dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes).\n- dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes).\n- dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes).\n- dmaengine: idxd: Fix refcount underflow on module unload (git-fixes).\n- dmaengine: idxd: Remove improper idxd_free (git-fixes).\n- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes).\n- dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes).\n- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).\n- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).\n- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes).\n- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).\n- dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes).\n- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes).\n- docs: admin-guide: update to current minimum pipe size default (git-fixes).\n- dpll: Add basic Microchip ZL3073x support (jsc#PED-13331).\n- dpll: Make ZL3073X invisible (jsc#PED-13331).\n- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331).\n- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331).\n- dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331).\n- dpll: zl3073x: Fix build failure (jsc#PED-13331).\n- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331).\n- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331).\n- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331).\n- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331).\n- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331).\n- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).\n- drivers/base/node: fix double free in register_one_node() (git-fixes).\n- drivers/base/node: handle error properly in register_one_node() (git-fixes).\n- drivers: base: handle module_kobject creation (git-fixes).\n- drm/amd : Update MES API header file for v11 \u0026 v12 (stable-fixes).\n- drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes).\n- drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes).\n- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).\n- drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes).\n- drm/amd/display: Add NULL check for stream before dereference in \u0027dm_vupdate_high_irq\u0027 (bsc#1243112).\n- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).\n- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).\n- drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).\n- drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).\n- drm/amd/display: Allow DCN301 to clear update flags (git-fixes).\n- drm/amd/display: Allow RX6xxx \u0026 RX7700 to invoke amdgpu_irq_get/put (git-fixes).\n- drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).\n- drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).\n- drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).\n- drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes).\n- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes).\n- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).\n- drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121).\n- drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes).\n- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).\n- drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes).\n- drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).\n- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).\n- drm/amd/display: Do not print errors for nonexistent connectors (git-fixes).\n- drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes).\n- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).\n- drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).\n- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).\n- drm/amd/display: Fix \u0027failed to blank crtc!\u0027 (stable-fixes).\n- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).\n- drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes).\n- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).\n- drm/amd/display: Fix mismatch type comparison (stable-fixes).\n- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).\n- drm/amd/display: Free memory allocation (stable-fixes).\n- drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes).\n- drm/amd/display: Initialize mode_select to 0 (stable-fixes).\n- drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).\n- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).\n- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).\n- drm/amd/display: Remove redundant semicolons (git-fixes).\n- drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).\n- drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes).\n- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).\n- drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes).\n- drm/amd/display: fix dmub access race condition (bsc#1243112).\n- drm/amd/display: fix initial backlight brightness calculation (git-fixes).\n- drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes).\n- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).\n- drm/amd/display: remove output_tf_change flag (git-fixes).\n- drm/amd/display: use udelay rather than fsleep (git-fixes).\n- drm/amd/include : MES v11 and v12 API header update (stable-fixes).\n- drm/amd/include : Update MES v12 API for fence update (stable-fixes).\n- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).\n- drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes).\n- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes).\n- drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes).\n- drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes).\n- drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes).\n- drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes).\n- drm/amd/pm: fix null pointer access (stable-fixes).\n- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).\n- drm/amd: Avoid evicting resources at S5 (bsc#1243112).\n- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).\n- drm/amd: Fix hybrid sleep (bsc#1243112).\n- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).\n- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).\n- drm/amd: Restore cached power limit during resume (stable-fixes).\n- drm/amdgpu/discovery: fix fw based ip discovery (git-fixes).\n- drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes).\n- drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes).\n- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).\n- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).\n- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).\n- drm/amdgpu/mes: add missing locking in helper functions (stable-fixes).\n- drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes).\n- drm/amdgpu/mes: optimize compute loop handling (stable-fixes).\n- drm/amdgpu/swm14: Update power limit logic (stable-fixes).\n- drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes).\n- drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes).\n- drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes).\n- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).\n- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).\n- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).\n- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).\n- drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes).\n- drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes).\n- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).\n- drm/amdgpu: Increase reset counter only on success (stable-fixes).\n- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).\n- drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes).\n- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).\n- drm/amdgpu: Report individual reset error (bsc#1243112).\n- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).\n- drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes).\n- drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes).\n- drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes).\n- drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes).\n- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).\n- drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes).\n- drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes).\n- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).\n- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).\n- drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).\n- drm/amdgpu: fix vram reservation issue (git-fixes).\n- drm/amdgpu: remove the redeclaration of variable i (git-fixes).\n- drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).\n- drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes).\n- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).\n- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes).\n- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).\n- drm/ast: Use msleep instead of mdelay for edid read (git-fixes).\n- drm/bridge: fix OF node leak (git-fixes).\n- drm/bridge: it6505: select REGMAP_I2C (git-fixes).\n- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).\n- drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes).\n- drm/cirrus-qemu: Fix pitch programming (git-fixes).\n- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).\n- drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121).\n- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).\n- drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121).\n- drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121).\n- drm/edid: Define the quirks in an enum list (bsc#1248121).\n- drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes).\n- drm/gem: Internally test import_attach for imported objects (git-fixes).\n- drm/gem: Test for imported GEM buffers with helper (stable-fixes).\n- drm/gma500: Fix null dereference in hdmi teardown (git-fixes).\n- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).\n- drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes).\n- drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes).\n- drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes).\n- drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes).\n- drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes).\n- drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes).\n- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).\n- drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes).\n- drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes).\n- drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes).\n- drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes).\n- drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes).\n- drm/i915/icl+/tc: Cache the max lane count value (stable-fixes).\n- drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes).\n- drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes).\n- drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes).\n- drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes).\n- drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).\n- drm/mediatek: fix potential OF node use-after-free (git-fixes).\n- drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes).\n- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).\n- drm/msm/dpu: fix incorrect type for ret (git-fixes).\n- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).\n- drm/msm: Add error handling for krealloc in metadata setup (stable-fixes).\n- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).\n- drm/msm: update the high bitfield of certain DSI registers (git-fixes).\n- drm/msm: use trylock for debugfs (stable-fixes).\n- drm/nouveau/disp: Always accept linear modifier (git-fixes).\n- drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes).\n- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).\n- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).\n- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).\n- drm/nouveau: fix typos in comments (git-fixes).\n- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).\n- drm/nouveau: remove unused memory target test (git-fixes).\n- drm/panel: novatek-nt35560: Fix invalid return value (git-fixes).\n- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).\n- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).\n- drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes).\n- drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes).\n- drm/panthor: validate group queue count (git-fixes).\n- drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes).\n- drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes).\n- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).\n- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).\n- drm/simpledrm: Do not upcast in release helpers (git-fixes).\n- drm/tests: Fix endian warning (git-fixes).\n- drm/ttm: Respect the shrinker core free target (stable-fixes).\n- drm/ttm: Should to return the evict error (stable-fixes).\n- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).\n- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).\n- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).\n- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).\n- drm/xe/bmg: Add new PCI IDs (stable-fixes).\n- drm/xe/bmg: Add one additional PCI ID (stable-fixes).\n- drm/xe/bmg: Update Wa_22019338487 (git-fixes).\n- drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes).\n- drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes).\n- drm/xe/mocs: Initialize MOCS index early (stable-fixes).\n- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).\n- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).\n- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).\n- drm/xe/tile: Release kobject for the failure path (git-fixes).\n- drm/xe/uapi: Correct sync type definition in comments (git-fixes).\n- drm/xe/uapi: loosen used tracking restriction (git-fixes).\n- drm/xe/vf: Disable CSC support on VF (git-fixes).\n- drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes).\n- drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes).\n- drm/xe/xe_sync: avoid race during ufence signaling (git-fixes).\n- drm/xe: Allow dropping kunit dependency as built-in (git-fixes).\n- drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes).\n- drm/xe: Carve out wopcm portion from the stolen memory (git-fixes).\n- drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes).\n- drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes).\n- drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes).\n- drm/xe: Fix build without debugfs (git-fixes).\n- drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes).\n- drm/xe: Move page fault init after topology init (git-fixes).\n- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes).\n- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes).\n- drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes).\n- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331).\n- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331).\n- e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes).\n- e1000e: ignore uninitialized checksum word on tgp (git-fixes).\n- efi: stmm: Fix incorrect buffer allocation method (git-fixes).\n- erofs: avoid reading more for fragment maps (git-fixes).\n- erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes).\n- execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes).\n- exfat: add cluster chain loop check for dir (git-fixes).\n- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- ext4: remove writable userspace mappings before truncating page cache (bsc#1247223).\n- fbcon: Fix OOB access in font allocation (git-fixes).\n- fbcon: Fix outdated registered_fb reference in comment (git-fixes).\n- fbcon: fix integer overflow in fbcon_do_set_font (git-fixes).\n- fbdev: Fix logic error in \"offb\" name match (git-fixes).\n- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).\n- fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).\n- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).\n- fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes).\n- fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes).\n- firewire: core: fix overlooked update of subsystem ABI version (git-fixes).\n- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).\n- firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes).\n- firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes).\n- firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes).\n- firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes).\n- firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes).\n- firmware: firmware: meson-sm: fix compile-test default (git-fixes).\n- firmware: meson_sm: fix device leak at probe (git-fixes).\n- firmware: tegra: Fix IVC dependency problems (stable-fixes).\n- flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes).\n- fs/nfs/io: make nfs_start_io_*() killable (git-fixes).\n- fs/proc/task_mmu: check p-\u003evec_buf for NULL (git-fixes).\n- fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450\n- ftrace: Fix function profiler\u0027s filtering functionality (git-fixes).\n- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).\n- gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220).\n- gfs2: Clean up delete work processing (bsc#1247220).\n- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220).\n- gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220).\n- gfs2: Minor delete_work_func cleanup (bsc#1247220).\n- gfs2: Only defer deletes when we have an iopen glock (bsc#1247220).\n- gfs2: Prevent inode creation race (2) (bsc#1247220).\n- gfs2: Prevent inode creation race (bsc#1247220).\n- gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220).\n- gfs2: Rename GIF_{DEFERRED -\u003e DEFER}_DELETE (bsc#1247220).\n- gfs2: Rename dinode_demise to evict_behavior (bsc#1247220).\n- gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220).\n- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220).\n- gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220).\n- gfs2: Update to the evict / remote delete documentation (bsc#1247220).\n- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220).\n- gfs2: gfs2_evict_inode clarification (bsc#1247220).\n- gfs2: minor evict fix (bsc#1247220).\n- gfs2: skip if we cannot defer delete (bsc#1247220).\n- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).\n- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).\n- gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).\n- gpio: virtio: Fix config space reading (git-fixes).\n- gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).\n- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).\n- gpiolib: Extend software-node support to support secondary software-nodes (git-fixes).\n- gve: Fix stuck TX queue for DQ queue format (git-fixes).\n- gve: prevent ethtool ops after shutdown (git-fixes).\n- habanalabs: fix UAF in export_dmabuf() (git-fixes).\n- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).\n- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).\n- hv_netvsc: Link queues to NAPIs (git-fixes).\n- hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).\n- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).\n- hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes).\n- hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes).\n- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes).\n- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).\n- hwrng: nomadik - add ARM_AMBA dependency (git-fixes).\n- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).\n- i2c: designware: Add disabling clocks when probe fails (git-fixes).\n- i2c: designware: Add quirk for Intel Xe (stable-fixes).\n- i2c: designware: Fix clock issue when PM is disabled (git-fixes).\n- i2c: designware: Use temporary variable for struct device (stable-fixes).\n- i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes).\n- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes).\n- i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes).\n- i2c: omap: Add support for setting mux (stable-fixes).\n- i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes).\n- i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes).\n- i2c: omap: fix deprecated of_property_read_bool() use (git-fixes).\n- i2c: qup: jump out of the loop in case of timeout (git-fixes).\n- i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes).\n- i2c: tegra: Fix reset error handling with ACPI (git-fixes).\n- i2c: tegra: Use internal reset when reset property is not available (bsc#1249143)\n- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).\n- i3c: Fix default I2C adapter timeout value (git-fixes).\n- i3c: add missing include to internal header (stable-fixes).\n- i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).\n- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).\n- i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).\n- i3c: master: svc: Recycle unused IBI slot (git-fixes).\n- i3c: master: svc: Use manual response for IBI events (git-fixes).\n- i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes).\n- i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes).\n- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes).\n- ice, irdma: fix an off by one in error handling code (bsc#1247712).\n- ice, irdma: move interrupts code to irdma (bsc#1247712).\n- ice/ptp: fix crosstimestamp reporting (git-fixes).\n- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).\n- ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762).\n- ice: check correct pointer in fwlog debugfs (git-fixes).\n- ice: count combined queues using Rx/Tx count (bsc#1247712).\n- ice: devlink PF MSI-X max and min parameter (bsc#1247712).\n- ice: do not leave device non-functional if Tx scheduler config fails (git-fixes).\n- ice: enable_rdma devlink param (bsc#1247712).\n- ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728).\n- ice: fix incorrect counter for buffer allocation failures (git-fixes).\n- ice: get rid of num_lan_msix field (bsc#1247712).\n- ice: init flow director before RDMA (bsc#1247712).\n- ice: remove splitting MSI-X between features (bsc#1247712).\n- ice: simplify VF MSI-X managing (bsc#1247712).\n- ice: treat dyn_allowed only as suggestion (bsc#1247712).\n- ice: use fixed adapter index for E825C embedded devices (git-fixes).\n- idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762).\n- idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762).\n- idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762).\n- idpf: add cross timestamping (jsc#PED-13728).\n- idpf: add flow steering support (jsc#PED-13728).\n- idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762).\n- idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762).\n- idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762).\n- idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728).\n- idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762).\n- idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762).\n- idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728).\n- idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762).\n- idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).\n- idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).\n- idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762).\n- idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762).\n- idpf: improve when to set RE bit logic (jsc#PED-13728).\n- idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762).\n- idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762).\n- idpf: preserve coalescing settings across resets (jsc#PED-13728).\n- idpf: remove obsolete stashing code (jsc#PED-13728).\n- idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762).\n- idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728).\n- idpf: set mac type when adding and removing MAC filters (jsc#PED-13728).\n- idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728).\n- idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728).\n- idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762).\n- igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes).\n- igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes).\n- igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes).\n- iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762).\n- iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762).\n- iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762).\n- iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762).\n- iio/adc/pac1934: fix channel disable configuration (git-fixes).\n- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes).\n- iio: accel: fxls8962af: Fix temperature calculation (git-fixes).\n- iio: adc: ad7173: fix setting ODR in probe (git-fixes).\n- iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes).\n- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).\n- iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes).\n- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).\n- iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).\n- iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes).\n- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).\n- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).\n- iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes).\n- iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes).\n- iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes).\n- iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes).\n- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes).\n- iio: dac: ad5360: use int type to store negative error codes (git-fixes).\n- iio: dac: ad5421: use int type to store negative error codes (git-fixes).\n- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes).\n- iio: frequency: adf4350: Fix prescaler usage (git-fixes).\n- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes).\n- iio: hid-sensor-prox: Restore lost scale assignments (git-fixes).\n- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).\n- iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes).\n- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes).\n- iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes).\n- iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes).\n- iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).\n- iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).\n- iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes).\n- iio: light: as73211: Ensure buffer holes are zeroed (git-fixes).\n- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).\n- iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes).\n- iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).\n- iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes).\n- iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes).\n- iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes).\n- integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).\n- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).\n- intel_idle: Rescan \"dead\" SMT siblings during initialization (jsc#PED-13815).\n- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).\n- interconnect: qcom: sc8180x: specify num_nodes (git-fixes).\n- interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes).\n- io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting.\n- io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542).\n- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).\n- iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes).\n- iommu/amd: Fix alias device DTE setting (git-fixes).\n- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).\n- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).\n- iommu/arm-smmu-v3: Fix smmu_domain-\u003enr_ats_masters decrement (git-fixes).\n- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).\n- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).\n- iommu/vt-d: Fix __domain_mapping()\u0027s usage of switch_to_super_page() (git-fixes).\n- iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes).\n- iommu/vt-d: Fix possible circular locking dependency (git-fixes).\n- iommu/vt-d: Fix system hang on reboot -f (git-fixes).\n- iommu/vt-d: PRS isn\u0027t usable if PDS isn\u0027t supported (git-fixes).\n- iommu: Handle race with default domain setup (git-fixes).\n- iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).\n- ipmi: Fix strcpy source and destination the same (stable-fixes).\n- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).\n- ipv6: annotate data-races around rt-\u003efib6_nsiblings (git-fixes).\n- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).\n- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).\n- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).\n- ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes).\n- irdma: free iwdev-\u003erf after removing MSI-X (bsc#1247712).\n- isolcpus: add missing hunk back (bsc#1236897 bsc#1249206).\n- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).\n- ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410).\n- ixgbe: prevent from unwanted interface name changes (git-fixes).\n- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes).\n- kABI fix after Add TDX support for vSphere (jsc#PED-13302).\n- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).\n- kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).\n- kABI fix after KVM: x86: Convert vcpu_run()\u0027s immediate exit param into a generic bitmap (git-fixes).\n- kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes).\n- kABI workaround for \"drm/dp: Add an EDID quirk for the DPCD register access probe\" (bsc#1248121).\n- kABI workaround for amd_sfh (git-fixes).\n- kABI workaround for drm_gem.h (git-fixes).\n- kABI workaround for struct mtk_base_afe changes (git-fixes).\n- kABI: Fix the module::name type in audit_context (git-fixes).\n- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).\n- kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes).\n- kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes).\n- kABI: netfilter: supress warnings for nft_set_ops (git-fixes).\n- kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes).\n- kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally\n- kabi/severities: ignore two unused/dropped symbols from MEI\n- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).\n- kabi: Restore layout of parallel_data (bsc1248343).\n- kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963).\n- kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes).\n- kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655).\n- kbuild: rust: add rustc-min-version support function (git-fixes)\n- kernel-binary: Another installation ordering fix (bsc#1241353).\n- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)\n- kernel: globalize lookup_or_create_module_kobject() (stable-fixes).\n- kernel: param: rename locate_module_kobject (stable-fixes).\n- leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes).\n- leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes).\n- leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).\n- leds: leds-lp55xx: Use correct address for memory programming (git-fixes).\n- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).\n- libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes).\n- libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762).\n- livepatch: Add stack_order sysfs attribute (poo#187320).\n- loop: use kiocb helpers to fix lockdep warning (git-fixes).\n- lpfc: do not use file-\u003ef_path.dentry for comparisons (bsc#1250519).\n- mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes).\n- mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).\n- mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes).\n- mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes).\n- mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes).\n- mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes).\n- mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes).\n- mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes).\n- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).\n- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).\n- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).\n- maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes).\n- maple_tree: fix status setup on restore to active (git-fixes).\n- maple_tree: fix testing for 32 bit builds (git-fixes).\n- mctp: no longer rely on net-\u003edev_index_head (git-fixes).\n- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).\n- md: allow removing faulty rdev during resync (git-fixes).\n- md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes).\n- md: make rdev_addable usable for rcu mode (git-fixes).\n- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes).\n- media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes).\n- media: cx18: Add missing check after DMA map (git-fixes).\n- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).\n- media: dvb-frontends: w7090p: fix null-ptr-deref in\n w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).\n- media: gspca: Add bounds checking to firmware parser (git-fixes).\n- media: hi556: Fix reset GPIO timings (stable-fixes).\n- media: hi556: correct the test pattern configuration (git-fixes).\n- media: i2c: mt9v111: fix incorrect type for ret (git-fixes).\n- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).\n- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).\n- media: ipu-bridge: Add _HID for OV5670 (stable-fixes).\n- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).\n- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).\n- media: lirc: Fix error handling in lirc_register() (git-fixes).\n- media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes).\n- media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes).\n- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).\n- media: pci: ivtv: Add missing check after DMA map (git-fixes).\n- media: pci: mg4b: fix uninitialized iio scan data (git-fixes).\n- media: pisp_be: Fix pm_runtime underrun in probe (git-fixes).\n- media: qcom: camss: cleanup media device allocated resource on error path (git-fixes).\n- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).\n- media: rc: fix races with imon_disconnect() (git-fixes).\n- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes).\n- media: s5p-mfc: remove an unused/uninitialized variable (git-fixes).\n- media: st-delta: avoid excessive stack usage (git-fixes).\n- media: tc358743: Check I2C succeeded during probe (stable-fixes).\n- media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).\n- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).\n- media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes).\n- media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes).\n- media: ti: j721e-csi2rx: fix list_del corruption (git-fixes).\n- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).\n- media: usb: hdpvr: disable zero-length read messages (stable-fixes).\n- media: usbtv: Lock resolution while streaming (git-fixes).\n- media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes).\n- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).\n- media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).\n- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes).\n- media: uvcvideo: Rollback non processed entities on error (git-fixes).\n- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).\n- media: v4l2-ctrls: Do not reset handler\u0027s error in v4l2_ctrl_handler_free() (git-fixes).\n- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).\n- media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes).\n- media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes).\n- media: venus: Add a check for packet size after reading from shared memory (git-fixes).\n- media: venus: Fix MSM8998 frequency table (git-fixes).\n- media: venus: Fix OOB read due to missing payload bound check (git-fixes).\n- media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes).\n- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).\n- media: venus: protect against spurious interrupts during probe (git-fixes).\n- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).\n- media: vivid: fix wrong pixel_array control size (git-fixes).\n- media: zoran: Remove zoran_fh structure (git-fixes).\n- mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).\n- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).\n- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).\n- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).\n- mei: vsc: Event notifier fixes (git-fixes).\n- mei: vsc: Fix \"BUG: Invalid wait context\" lockdep error (git-fixes).\n- mei: vsc: Run event callback from a workqueue (git-fixes).\n- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8186 (git-fixes).\n- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes).\n- memstick: Fix deadlock by moving removing flag earlier (git-fixes).\n- mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes).\n- mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes).\n- mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes).\n- mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes).\n- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes).\n- microchip: lan865x: Fix LAN8651 autoloading (git-fixes).\n- microchip: lan865x: Fix module autoloading (git-fixes).\n- microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes).\n- microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes).\n- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).\n- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).\n- misc: fastrpc: Skip reference for DMA handles (git-fixes).\n- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).\n- misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes).\n- misc: pci_endpoint_test: Fix \u0027irq_type\u0027 to convey the correct type (git-fixes).\n- misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes).\n- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).\n- mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes).\n- mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes).\n- mm/damon/core: set quota-\u003echarged_from to jiffies at first charge window (git-fixes).\n- mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes).\n- mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes).\n- mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes).\n- mm/damon/sysfs: fix use-after-free in state_show() (git-fixes).\n- mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087).\n- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)\n- mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes).\n- mm: close theoretical race where stale TLB entries could linger (git-fixes).\n- mm: fault in complete folios instead of individual pages for tmpfs (git-fixes).\n- mm: fix the inaccurate memory statistics issue for users (bsc#1244723).\n- mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes).\n- mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes).\n- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630).\n- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630).\n- mm: move page table sync declarations to linux/pgtable.h (git-fixes).\n- mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes).\n- mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes).\n- mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes).\n- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).\n- mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes).\n- mmc: sdhci-msm: Ensure SD card power isn\u0027t ON when card removed (stable-fixes).\n- mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes).\n- mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes).\n- mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes).\n- mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes).\n- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).\n- mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes).\n- module: Fix memory deallocation on error path in move_module() (git-fixes).\n- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).\n- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).\n- module: Restore the moduleparam prefix length check (git-fixes).\n- most: core: Drop device reference after usage in get_channel() (git-fixes).\n- mptcp: fix spurious wake-up on under memory pressure (git-fixes).\n- mtd: fix possible integer overflow in erase_xfer() (git-fixes).\n- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes).\n- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).\n- mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes).\n- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).\n- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: omap2: fix device leak on probe failure (git-fixes).\n- mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes).\n- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes).\n- mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes).\n- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).\n- mtd: spi-nor: spansion: Fixup params-\u003eset_4byte_addr_mode for SEMPER (git-fixes).\n- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).\n- mwl8k: Add missing check after DMA map (git-fixes).\n- neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes).\n- net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes).\n- net/mlx5: CT: Use the correct counter offset (git-fixes).\n- net/mlx5: Check device memory pointer before usage (git-fixes).\n- net/mlx5: Correctly set gso_segs when LRO is used (git-fixes).\n- net/mlx5: Correctly set gso_size when LRO is used (git-fixes).\n- net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes).\n- net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes).\n- net/mlx5: Fix memory leak in cmd_exec() (git-fixes).\n- net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes).\n- net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes).\n- net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes).\n- net/mlx5: Nack sync reset when SFs are present (git-fixes).\n- net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes).\n- net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes).\n- net/mlx5e: Add new prio for promiscuous mode (git-fixes).\n- net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes).\n- net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes).\n- net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes).\n- net/mlx5e: Set local Xoff after FW update (git-fixes).\n- net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes).\n- net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes).\n- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).\n- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).\n- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).\n- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).\n- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes).\n- net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes).\n- net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes).\n- net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes).\n- net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes).\n- net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes).\n- net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes).\n- net: ieee8021q: fix insufficient table-size assertion (stable-fixes).\n- net: llc: reset skb-\u003etransport_header (git-fixes).\n- net: mana: Add handler for hardware servicing events (bsc#1245730).\n- net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726).\n- net: mana: Add support for net_shaper_ops (bsc#1245726).\n- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).\n- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).\n- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).\n- net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes).\n- net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726).\n- net: mana: Handle Reset Request from MANA NIC (bsc#1245728).\n- net: mana: Handle unsupported HWC commands (bsc#1245726).\n- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- net: mana: explain irq_setup() algorithm (bsc#1245457).\n- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).\n- net: mctp: handle skb cleanup on sock_queue failures (git-fixes).\n- net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes).\n- net: nfc: nci: Add parameter validation for packet data (git-fixes).\n- net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes).\n- net: phy: bcm54811: PHY initialization (stable-fixes).\n- net: phy: fix phy_uses_state_machine() (git-fixes).\n- net: phy: micrel: Add ksz9131_resume() (stable-fixes).\n- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).\n- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).\n- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes).\n- net: rose: convert \u0027use\u0027 field to refcount_t (git-fixes).\n- net: rose: fix a typo in rose_clear_routes() (git-fixes).\n- net: rose: include node references in rose_neigh refcount (git-fixes).\n- net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes).\n- net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).\n- net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).\n- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes).\n- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).\n- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).\n- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).\n- net: usb: cdc-ncm: check for filtering capability (git-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes).\n- net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes).\n- net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes).\n- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).\n- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).\n- netfilter: ctnetlink: fix refcount leak on table dump (git-fixes).\n- netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes).\n- netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes).\n- netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes).\n- netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes).\n- netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes).\n- netfilter: nf_tables: adjust lockdep assertions handling (git-fixes).\n- netfilter: nf_tables: fix set size with rbtree backend (git-fixes).\n- netfilter: nf_tables: imbalance in flowtable binding (git-fixes).\n- netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes).\n- netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).\n- netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes).\n- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes).\n- netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes).\n- netfilter: nft_tunnel: fix geneve_opt dump (git-fixes).\n- netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes).\n- netlink: fix policy dump for int with validation callback (jsc#PED-13331).\n- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331).\n- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).\n- nfs/localio: add direct IO enablement with sync and async IO support (git-fixes).\n- nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes).\n- nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes).\n- nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes).\n- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).\n- nouveau: fix disabling the nonstall irq due to storm code (git-fixes).\n- nvme-auth: update bi_directional flag (git-fixes).\n- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).\n- nvme-pci: try function level reset on init failure (git-fixes).\n- nvme-tcp: log TLS handshake failures at error level (git-fixes).\n- nvme-tcp: send only permitted commands for secure concat (git-fixes).\n- nvme: fix PI insert on write (git-fixes).\n- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).\n- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).\n- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).\n- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).\n- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).\n- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).\n- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).\n- nvmet: exit debugfs after discovery subsystem exits (git-fixes).\n- nvmet: initialize discovery subsys after debugfs is initialized (git-fixes).\n- nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes).\n- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes).\n- objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes).\n- objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes).\n- of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes).\n- of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes).\n- of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes).\n- of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes).\n- of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes).\n- of: unittest: Unlock on error in unittest_data_add() (git-fixes).\n- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).\n- pNFS: Fix disk addr range check in block/scsi layout (git-fixes).\n- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).\n- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).\n- pNFS: Handle RPC size limit for layoutcommits (git-fixes).\n- percpu: fix race on alloc failed warning limit (git-fixes).\n- perf bpf-event: Fix use-after-free in synthesis (git-fixes).\n- perf bpf-utils: Constify bpil_array_desc (git-fixes).\n- perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes).\n- perf dso: Add missed dso__put to dso__load_kcore (git-fixes).\n- perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes).\n- perf parse-events: Set default GH modifier properly (git-fixes).\n- perf record: Cache build-ID of hit DSOs only (git-fixes).\n- perf sched: Fix memory leaks for evsel-\u003epriv in timehist (git-fixes).\n- perf sched: Fix memory leaks in \u0027perf sched latency\u0027 (git-fixes).\n- perf sched: Fix memory leaks in \u0027perf sched map\u0027 (git-fixes).\n- perf sched: Fix thread leaks in \u0027perf sched timehist\u0027 (git-fixes).\n- perf sched: Free thread-\u003epriv using priv_destructor (git-fixes).\n- perf sched: Make sure it frees the usage string (git-fixes).\n- perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes).\n- perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes).\n- perf test: Fix a build error in x86 topdown test (git-fixes).\n- perf tests bp_account: Fix leaked file descriptor (git-fixes).\n- perf tools: Remove libtraceevent in .gitignore (git-fixes).\n- perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes).\n- perf trace: Remove --map-dump documentation (git-fixes).\n- phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes).\n- phy: mscc: Fix parsing of unicast frames (git-fixes).\n- phy: mscc: Fix timestamping for vsc8584 (git-fixes).\n- phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes).\n- phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes).\n- phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes).\n- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).\n- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes).\n- phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy-\u003erate in case of errors (git-fixes).\n- phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes).\n- phy: tegra: xusb: fix device and OF node leak at probe (git-fixes).\n- phy: ti-pipe3: fix device leak at unbind (git-fixes).\n- phy: ti: omap-usb2: fix device leak at unbind (git-fixes).\n- pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113).\n- pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562).\n- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).\n- pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes).\n- pinctrl: equilibrium: Remove redundant semicolons (git-fixes).\n- pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes).\n- pinctrl: renesas: Use int type to store negative error codes (git-fixes).\n- pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes).\n- pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes).\n- pinctrl: stm32: Manage irq affinity settings (stable-fixes).\n- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).\n- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).\n- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).\n- platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes).\n- platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).\n- platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes).\n- platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes).\n- platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes).\n- platform/x86/amd/hsmp: Ensure sock-\u003emetric_tbl_addr is non-NULL (git-fixes).\n- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).\n- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).\n- platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes).\n- platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes).\n- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).\n- platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes).\n- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes).\n- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).\n- platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes).\n- platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes).\n- platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes).\n- platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes).\n- platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes).\n- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).\n- platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes).\n- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).\n- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).\n- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes).\n- power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes).\n- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).\n- power: supply: cw2015: Fix a alignment coding style issue (git-fixes).\n- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).\n- power: supply: max77976_charger: fix constant current reporting (git-fixes).\n- power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).\n- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).\n- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).\n- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).\n- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes).\n- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes).\n- powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).\n- powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).\n- powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes).\n- powerpc: do not build ppc_save_regs.o always (bsc#1215199).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- pptp: fix pptp_xmit() error path (git-fixes).\n- printk: nbcon: Allow reacquire during panic (bsc#1246688).\n- psample: adjust size if rate_as_probability is set (git-fixes).\n- ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes).\n- pwm: berlin: Fix wrong register in suspend/resume (git-fixes).\n- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).\n- pwm: mediatek: Fix duty and period setting (git-fixes).\n- pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).\n- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).\n- pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes).\n- pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes).\n- pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes).\n- pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes).\n- r8169: add support for RTL8125D (stable-fixes).\n- r8169: disable RTL8126 ZRX-DC timeout (stable-fixes).\n- r8169: do not scan PHY addresses \u003e 0 (stable-fixes).\n- rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes)\n- regmap: Remove superfluous check for !config in __regmap_init() (git-fixes).\n- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).\n- regulator: scmi: Use int type to store negative error codes (git-fixes).\n- regulator: sy7636a: fix lifecycle of power good gpio (git-fixes).\n- reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).\n- reset: eyeq: fix OF node leak (git-fixes).\n- resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762).\n- resource: fix false warning in __request_region() (git-fixes).\n- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).\n- ring-buffer: Make reading page consistent with the code logic (git-fixes).\n- rpm/config.sh: SLFO 1.2 is now synced to OBS as well\n- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).\n- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).\n- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: optee: fix memory leak on driver removal (git-fixes).\n- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).\n- s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837).\n- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868).\n- s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477).\n- s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061).\n- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes).\n- s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes).\n- s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372).\n- s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838).\n- s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066).\n- s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366).\n- s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478).\n- s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes).\n- s390/sclp: Fix SCCB present check (git-fixes bsc#1249065).\n- s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062).\n- s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064).\n- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).\n- samples: mei: Fix building on musl libc (git-fixes).\n- sched/deadline: Always stop dl-server before changing parameters (bsc#1247936).\n- sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936).\n- sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936).\n- sched/deadline: Fix dl_server_stopped() (bsc#1247936).\n- sched/deadline: Initialize dl_servers after SMP (git-fixes)\n- sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes)\n- scsi: Revert \"scsi: iscsi: Fix HW conn removal use after free\" (git-fixes).\n- scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).\n- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).\n- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).\n- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).\n- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).\n- scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519).\n- scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519).\n- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).\n- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).\n- scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519).\n- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).\n- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).\n- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).\n- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).\n- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).\n- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).\n- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).\n- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).\n- scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519).\n- scsi: lpfc: use min() to improve code (bsc#1250519).\n- scsi: mpi3mr: Event processing debug improvement (bsc#1251186).\n- scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186).\n- scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186).\n- scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186).\n- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).\n- scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186).\n- scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).\n- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).\n- scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186).\n- scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186).\n- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).\n- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes).\n- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes).\n- scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes).\n- scsi: qla2xxx: Remove firmware URL (git-fixes).\n- scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes).\n- scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes).\n- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).\n- scsi: smartpqi: Enhance WWID logging logic (bsc#1246631).\n- scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631).\n- scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631).\n- scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes).\n- scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes).\n- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes).\n- scsi: ufs: core: Add missing post notify for power mode change (git-fixes).\n- scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes).\n- scsi: ufs: core: Always initialize the UIC done completion (git-fixes).\n- scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes).\n- scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes).\n- scsi: ufs: core: Fix error return with query response (git-fixes).\n- scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes).\n- scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes).\n- scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes).\n- scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes).\n- scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes).\n- scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes).\n- scsi: ufs: core: Remove redundant query_complete trace (git-fixes).\n- scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes).\n- scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes).\n- scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes).\n- scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes).\n- scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes).\n- scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes).\n- scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes).\n- scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes).\n- scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes).\n- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes).\n- scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes).\n- scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes).\n- scsi: ufs: exynos: Remove empty drv_init method (git-fixes).\n- scsi: ufs: exynos: Remove superfluous function parameter (git-fixes).\n- scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes).\n- scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes).\n- scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes).\n- scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes).\n- scsi: ufs: qcom: Fix crypto key eviction (git-fixes).\n- scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes).\n- scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes).\n- scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes).\n- seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671).\n- selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320).\n- selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344).\n- selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320).\n- selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320).\n- selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320).\n- selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320).\n- selftests/tracing: Fix false failure of subsystem event test (git-fixes).\n- selftests: ALSA: fix memory leak in utimer test (git-fixes).\n- selftests: livepatch: add new ftrace helpers functions (poo#187320).\n- selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320).\n- selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320).\n- selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320).\n- selftests: livepatch: save and restore kprobe state (poo#187320).\n- selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320).\n- selftests: livepatch: test livepatching a kprobed function (poo#187320).\n- selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443).\n- selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes).\n- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes).\n- serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688).\n- serial: 8250: fix panic due to PSLVERR (git-fixes).\n- serial: max310x: Add error checking in probe() (git-fixes).\n- serial: sc16is7xx: fix bug in flow control levels init (git-fixes).\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).\n- smb: client: fix netns refcount leak after net_passive changes (git-fixes).\n- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).\n- soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).\n- soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes).\n- soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes).\n- soc: qcom: QMI encoding/decoding for big endian (git-fixes).\n- soc: qcom: fix endianness for QMI header (git-fixes).\n- soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes).\n- soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes).\n- soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes).\n- soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes).\n- soc: qcom: pmic_glink: fix OF node leak (git-fixes).\n- soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes).\n- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes).\n- soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes).\n- soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes).\n- soundwire: amd: fix for handling slave alerts after link is down (git-fixes).\n- soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).\n- soundwire: stream: restore params when prepare ports fail (git-fixes).\n- spi: bcm2835: Remove redundant semicolons (git-fixes).\n- spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes).\n- spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes).\n- spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes).\n- spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes).\n- spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979).\n- spi: fix return code when spi device has too many chipselects (git-fixes).\n- spi: mtk-snfi: Remove redundant semicolons (git-fixes).\n- spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes).\n- spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes).\n- spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes).\n- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes).\n- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes).\n- spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes).\n- sprintf.h requires stdarg.h (git-fixes).\n- sprintf.h: mask additional include (git-fixes).\n- squashfs: fix memory leak in squashfs_fill_super (git-fixes).\n- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).\n- staging: axis-fifo: fix maximum TX packet length check (git-fixes).\n- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).\n- staging: axis-fifo: remove sysfs interface (git-fixes).\n- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).\n- staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes).\n- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).\n- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).\n- struct cdc_ncm_ctx: move new member to end (git-fixes).\n- sunrpc: fix client side handling of tls alerts (git-fixes).\n- sunrpc: fix handling of server side tls alerts (git-fixes).\n- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).\n- sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).\n- supported.conf: Mark ZL3073X modules supported\n- supported.conf: mark hyperv_drm as external\n- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes).\n- thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes).\n- thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes).\n- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).\n- thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes).\n- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).\n- thunderbolt: Compare HMAC values in constant time (git-fixes).\n- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).\n- tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes).\n- tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes).\n- tools/power turbostat: Fix build with musl (stable-fixes).\n- tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes).\n- tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes).\n- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).\n- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).\n- trace/fgraph: Fix error handling (git-fixes).\n- trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes).\n- tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631).\n- tracing/kprobe: Make trace_kprobe\u0027s module callback called after jump_label update (git-fixes).\n- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).\n- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).\n- tracing: Fix filter string testing (git-fixes).\n- tracing: Fix using ret variable in tracing_set_tracer() (git-fixes).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- tracing: Switch trace.c code over to use guard() (git-fixes).\n- tracing: Switch trace_events_hist.c code over to use guard() (git-fixes).\n- tracing: fprobe events: Fix possible UAF on modules (git-fixes).\n- tracing: tprobe-events: Fix leakage of module refcount (git-fixes).\n- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062).\n- tty: n_gsm: Do not block input queue by waiting MSC (git-fixes).\n- tty: serial: fix print format specifiers (stable-fixes).\n- ublk: sanity check add_dev input for underflow (git-fixes).\n- ublk: use vmalloc for ublk_device\u0027s __queues (git-fixes).\n- ucount: fix atomic_long_inc_below() argument type (git-fixes).\n- uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes).\n- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).\n- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes).\n- usb: core: Add 0x prefix to quirks debug output (stable-fixes).\n- usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).\n- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).\n- usb: core: usb_submit_urb: downgrade type check (stable-fixes).\n- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).\n- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).\n- usb: dwc3: imx8mp: fix device leak at unbind (git-fixes).\n- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).\n- usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).\n- usb: dwc3: qcom: Do not leave BCR asserted (git-fixes).\n- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).\n- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).\n- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).\n- usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes).\n- usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes).\n- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).\n- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes).\n- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).\n- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).\n- usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes).\n- usb: musb: omap2430: fix device leak at unbind (git-fixes).\n- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).\n- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).\n- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).\n- usb: storage: realtek_cr: Use correct byte order for bcs-\u003eResidue (git-fixes).\n- usb: typec: fusb302: cache PD RX state (git-fixes).\n- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn\u0027t present (stable-fixes).\n- usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes).\n- usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes).\n- usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes).\n- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).\n- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).\n- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).\n- usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes).\n- usb: typec: tipd: Clear interrupts first (git-fixes).\n- usb: typec: ucsi: Update power_supply on power role change (git-fixes).\n- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).\n- usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes).\n- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).\n- usb: xhci: Avoid showing errors during surprise removal (stable-fixes).\n- usb: xhci: Avoid showing warnings for dying controller (stable-fixes).\n- usb: xhci: Fix slot_id resource race conflict (git-fixes).\n- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).\n- usb: xhci: print xhci-\u003exhc_state when queue_command failed (stable-fixes).\n- use uniform permission checks for all mount propagation changes (git-fixes).\n- vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes).\n- vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes).\n- vhost-scsi: Fix log flooding with target does not exist errors (git-fixes).\n- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes).\n- vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes).\n- vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes).\n- vhost: Reintroduce kthread API and add mode selection (git-fixes).\n- vhost: fail early when __vhost_add_used() fails (git-fixes).\n- virtchnl2: add flow steering support (jsc#PED-13728).\n- virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728).\n- virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762).\n- virtio_net: Enforce minimum TX ring size for reliability (git-fixes).\n- virtio_ring: Fix error reporting in virtqueue_resize (git-fixes).\n- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).\n- vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes).\n- vsock/virtio: Validate length in packet header before skb_put() (git-fixes).\n- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).\n- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).\n- watchdog: dw_wdt: Fix default timeout (stable-fixes).\n- watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).\n- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes).\n- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).\n- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).\n- wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes).\n- wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes).\n- wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes).\n- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).\n- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath11k: fix group data packet drops during rekey (git-fixes).\n- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).\n- wifi: ath11k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).\n- wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952).\n- wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).\n- wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).\n- wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).\n- wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).\n- wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes).\n- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).\n- wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes).\n- wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes).\n- wifi: ath12k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath12k: fix the fetching of combined rssi (git-fixes).\n- wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).\n- wifi: ath12k: fix wrong logging ID used for CE (git-fixes).\n- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).\n- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes).\n- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).\n- wifi: cfg80211: Fix interface type validation (stable-fixes).\n- wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes).\n- wifi: cfg80211: reject HTC bit for management frames (stable-fixes).\n- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes).\n- wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes).\n- wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).\n- wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084).\n- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).\n- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).\n- wifi: iwlwifi: Remove redundant header files (git-fixes).\n- wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084).\n- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).\n- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).\n- wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes).\n- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).\n- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).\n- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).\n- wifi: iwlwifi: uefi: check DSM item validity (git-fixes).\n- wifi: libertas: cap SSID len in lbs_associate() (git-fixes).\n- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).\n- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).\n- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).\n- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).\n- wifi: mac80211: avoid weird state in error path (stable-fixes).\n- wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).\n- wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes).\n- wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes).\n- wifi: mac80211: fix incorrect type for ret (stable-fixes).\n- wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).\n- wifi: mac80211: increase scan_ies_len for S1G (stable-fixes).\n- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).\n- wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).\n- wifi: mt76: fix linked list corruption (git-fixes).\n- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes).\n- wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes).\n- wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes).\n- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).\n- wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes).\n- wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes).\n- wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes).\n- wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes).\n- wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes).\n- wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes).\n- wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes).\n- wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes).\n- wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes).\n- wifi: mwifiex: send world regulatory domain to driver (git-fixes).\n- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).\n- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).\n- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).\n- wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes).\n- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes).\n- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).\n- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).\n- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).\n- wifi: rtw88: Fix macid assigned to TDLS station (git-fixes).\n- wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).\n- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).\n- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).\n- wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes).\n- wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes).\n- wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes).\n- wifi: virt_wifi: Fix page fault on connect (stable-fixes).\n- wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes).\n- writeback: Avoid contention on wb-\u003elist_lock when switching inodes (bsc#1237776).\n- writeback: Avoid contention on wb-\u003elist_lock when switching inodes (kABI fixup) (bsc#1237776).\n- writeback: Avoid excessively long inode switching times (bsc#1237776).\n- writeback: Avoid softlockup when switching many inodes (bsc#1237776).\n- x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704).\n- x86/Kconfig: Add arch attack vector support (git-fixes).\n- x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes).\n- x86/boot: Sanitize boot params before parsing command line (git-fixes).\n- x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes).\n- x86/bugs: Add attack vector controls for BHI (git-fixes).\n- x86/bugs: Add attack vector controls for GDS (git-fixes).\n- x86/bugs: Add attack vector controls for ITS (git-fixes).\n- x86/bugs: Add attack vector controls for L1TF (git-fixes).\n- x86/bugs: Add attack vector controls for MDS (git-fixes).\n- x86/bugs: Add attack vector controls for MMIO (git-fixes).\n- x86/bugs: Add attack vector controls for RFDS (git-fixes).\n- x86/bugs: Add attack vector controls for SRBDS (git-fixes).\n- x86/bugs: Add attack vector controls for SRSO (git-fixes).\n- x86/bugs: Add attack vector controls for SSB (git-fixes).\n- x86/bugs: Add attack vector controls for TAA (git-fixes).\n- x86/bugs: Add attack vector controls for TSA (git-fixes).\n- x86/bugs: Add attack vector controls for retbleed (git-fixes).\n- x86/bugs: Add attack vector controls for spectre_v1 (git-fixes).\n- x86/bugs: Add attack vector controls for spectre_v2 (git-fixes).\n- x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes).\n- x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes).\n- x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes).\n- x86/bugs: Avoid warning when overriding return thunk (git-fixes).\n- x86/bugs: Clean up SRSO microcode handling (git-fixes).\n- x86/bugs: Define attack vectors relevant for each bug (git-fixes).\n- x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes).\n- x86/bugs: Introduce cdt_possible() (git-fixes).\n- x86/bugs: Print enabled attack vectors (git-fixes).\n- x86/bugs: Remove its=stuff dependency on retbleed (git-fixes).\n- x86/bugs: Select best SRSO mitigation (git-fixes).\n- x86/bugs: Simplify the retbleed=stuff checks (git-fixes).\n- x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes).\n- x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes).\n- x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes).\n- x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes).\n- x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes).\n- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).\n- x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes).\n- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes).\n- x86/fpu: Delay instruction pointer fixup until after warning (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes).\n- x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes).\n- x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes).\n- x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes).\n- x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes).\n- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).\n- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).\n- x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes).\n- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).\n- x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes).\n- x86/microcode: Consolidate the loader enablement checking (git-fixes).\n- x86/microcode: Update the Intel processor flag scan check (git-fixes).\n- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes).\n- x86/mm/pat: do not collapse pages without PSE set (git-fixes).\n- x86/nmi: Add an emergency handler in nmi_desc \u0026 use it in nmi_shootdown_cpus() (git-fixes).\n- x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC \u0026lt; 14.2 (git-fixes).\n- x86/pkeys: Simplify PKRU update in signal frame (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/pti: Add attack vector controls for PTI (git-fixes).\n- x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes).\n- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).\n- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).\n- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).\n- x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes).\n- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).\n- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).\n- xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes).\n- xen/netfront: Fix TX response spurious interrupts (git-fixes).\n- xen: fix UAF in dmabuf_exp_from_pages() (git-fixes).\n- xfrm: replay: Fix the update of replay_esn-\u003eoseq_hi for GSO (git-fixes).\n- xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes).\n- xfs: do not propagate ENODATA disk errors into xattr code (git-fixes).\n- xfs: fix scrub trace with null pointer in quotacheck (git-fixes).\n- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).\n- xfs: remove unused event xfs_alloc_near_error (git-fixes).\n- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).\n- xfs: remove unused event xfs_attr_node_removename (git-fixes).\n- xfs: remove unused event xfs_ioctl_clone (git-fixes).\n- xfs: remove unused event xfs_pagecache_inval (git-fixes).\n- xfs: remove unused event xlog_iclog_want_sync (git-fixes).\n- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).\n- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).\n- xfs: remove unused trace event xfs_discard_rtrelax (git-fixes).\n- xfs: remove unused trace event xfs_log_cil_return (git-fixes).\n- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).\n- xfs: remove unused xfs_attr events (git-fixes).\n- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).\n- xfs: remove usused xfs_end_io_direct events (git-fixes).\n- xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes).\n- xhci: dbc: decouple endpoint allocation from initialization (git-fixes).\n- xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes).\n- xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes).\n- zram: permit only one post-processing operation at a time (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-50",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21074-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21074-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521074-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21074-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023431.html"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1218644",
"url": "https://bugzilla.suse.com/1218644"
},
{
"category": "self",
"summary": "SUSE Bug 1230062",
"url": "https://bugzilla.suse.com/1230062"
},
{
"category": "self",
"summary": "SUSE Bug 1234634",
"url": "https://bugzilla.suse.com/1234634"
},
{
"category": "self",
"summary": "SUSE Bug 1234693",
"url": "https://bugzilla.suse.com/1234693"
},
{
"category": "self",
"summary": "SUSE Bug 1234863",
"url": "https://bugzilla.suse.com/1234863"
},
{
"category": "self",
"summary": "SUSE Bug 1235953",
"url": "https://bugzilla.suse.com/1235953"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1237108",
"url": "https://bugzilla.suse.com/1237108"
},
{
"category": "self",
"summary": "SUSE Bug 1237131",
"url": "https://bugzilla.suse.com/1237131"
},
{
"category": "self",
"summary": "SUSE Bug 1237542",
"url": "https://bugzilla.suse.com/1237542"
},
{
"category": "self",
"summary": "SUSE Bug 1237776",
"url": "https://bugzilla.suse.com/1237776"
},
{
"category": "self",
"summary": "SUSE Bug 1238972",
"url": "https://bugzilla.suse.com/1238972"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1240324",
"url": "https://bugzilla.suse.com/1240324"
},
{
"category": "self",
"summary": "SUSE Bug 1240696",
"url": "https://bugzilla.suse.com/1240696"
},
{
"category": "self",
"summary": "SUSE Bug 1240966",
"url": "https://bugzilla.suse.com/1240966"
},
{
"category": "self",
"summary": "SUSE Bug 1240998",
"url": "https://bugzilla.suse.com/1240998"
},
{
"category": "self",
"summary": "SUSE Bug 1241166",
"url": "https://bugzilla.suse.com/1241166"
},
{
"category": "self",
"summary": "SUSE Bug 1241353",
"url": "https://bugzilla.suse.com/1241353"
},
{
"category": "self",
"summary": "SUSE Bug 1241403",
"url": "https://bugzilla.suse.com/1241403"
},
{
"category": "self",
"summary": "SUSE Bug 1241435",
"url": "https://bugzilla.suse.com/1241435"
},
{
"category": "self",
"summary": "SUSE Bug 1242034",
"url": "https://bugzilla.suse.com/1242034"
},
{
"category": "self",
"summary": "SUSE Bug 1242086",
"url": "https://bugzilla.suse.com/1242086"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242782",
"url": "https://bugzilla.suse.com/1242782"
},
{
"category": "self",
"summary": "SUSE Bug 1242864",
"url": "https://bugzilla.suse.com/1242864"
},
{
"category": "self",
"summary": "SUSE Bug 1242965",
"url": "https://bugzilla.suse.com/1242965"
},
{
"category": "self",
"summary": "SUSE Bug 1242995",
"url": "https://bugzilla.suse.com/1242995"
},
{
"category": "self",
"summary": "SUSE Bug 1243000",
"url": "https://bugzilla.suse.com/1243000"
},
{
"category": "self",
"summary": "SUSE Bug 1243055",
"url": "https://bugzilla.suse.com/1243055"
},
{
"category": "self",
"summary": "SUSE Bug 1243068",
"url": "https://bugzilla.suse.com/1243068"
},
{
"category": "self",
"summary": "SUSE Bug 1243100",
"url": "https://bugzilla.suse.com/1243100"
},
{
"category": "self",
"summary": "SUSE Bug 1243112",
"url": "https://bugzilla.suse.com/1243112"
},
{
"category": "self",
"summary": "SUSE Bug 1243774",
"url": "https://bugzilla.suse.com/1243774"
},
{
"category": "self",
"summary": "SUSE Bug 1244309",
"url": "https://bugzilla.suse.com/1244309"
},
{
"category": "self",
"summary": "SUSE Bug 1244723",
"url": "https://bugzilla.suse.com/1244723"
},
{
"category": "self",
"summary": "SUSE Bug 1244734",
"url": "https://bugzilla.suse.com/1244734"
},
{
"category": "self",
"summary": "SUSE Bug 1244749",
"url": "https://bugzilla.suse.com/1244749"
},
{
"category": "self",
"summary": "SUSE Bug 1244792",
"url": "https://bugzilla.suse.com/1244792"
},
{
"category": "self",
"summary": "SUSE Bug 1244812",
"url": "https://bugzilla.suse.com/1244812"
},
{
"category": "self",
"summary": "SUSE Bug 1244930",
"url": "https://bugzilla.suse.com/1244930"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1245000",
"url": "https://bugzilla.suse.com/1245000"
},
{
"category": "self",
"summary": "SUSE Bug 1245151",
"url": "https://bugzilla.suse.com/1245151"
},
{
"category": "self",
"summary": "SUSE Bug 1245193",
"url": "https://bugzilla.suse.com/1245193"
},
{
"category": "self",
"summary": "SUSE Bug 1245206",
"url": "https://bugzilla.suse.com/1245206"
},
{
"category": "self",
"summary": "SUSE Bug 1245216",
"url": "https://bugzilla.suse.com/1245216"
},
{
"category": "self",
"summary": "SUSE Bug 1245260",
"url": "https://bugzilla.suse.com/1245260"
},
{
"category": "self",
"summary": "SUSE Bug 1245410",
"url": "https://bugzilla.suse.com/1245410"
},
{
"category": "self",
"summary": "SUSE Bug 1245457",
"url": "https://bugzilla.suse.com/1245457"
},
{
"category": "self",
"summary": "SUSE Bug 1245504",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "self",
"summary": "SUSE Bug 1245506",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "self",
"summary": "SUSE Bug 1245508",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "self",
"summary": "SUSE Bug 1245510",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "self",
"summary": "SUSE Bug 1245596",
"url": "https://bugzilla.suse.com/1245596"
},
{
"category": "self",
"summary": "SUSE Bug 1245621",
"url": "https://bugzilla.suse.com/1245621"
},
{
"category": "self",
"summary": "SUSE Bug 1245630",
"url": "https://bugzilla.suse.com/1245630"
},
{
"category": "self",
"summary": "SUSE Bug 1245654",
"url": "https://bugzilla.suse.com/1245654"
},
{
"category": "self",
"summary": "SUSE Bug 1245657",
"url": "https://bugzilla.suse.com/1245657"
},
{
"category": "self",
"summary": "SUSE Bug 1245658",
"url": "https://bugzilla.suse.com/1245658"
},
{
"category": "self",
"summary": "SUSE Bug 1245659",
"url": "https://bugzilla.suse.com/1245659"
},
{
"category": "self",
"summary": "SUSE Bug 1245663",
"url": "https://bugzilla.suse.com/1245663"
},
{
"category": "self",
"summary": "SUSE Bug 1245664",
"url": "https://bugzilla.suse.com/1245664"
},
{
"category": "self",
"summary": "SUSE Bug 1245665",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "self",
"summary": "SUSE Bug 1245666",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "self",
"summary": "SUSE Bug 1245668",
"url": "https://bugzilla.suse.com/1245668"
},
{
"category": "self",
"summary": "SUSE Bug 1245669",
"url": "https://bugzilla.suse.com/1245669"
},
{
"category": "self",
"summary": "SUSE Bug 1245670",
"url": "https://bugzilla.suse.com/1245670"
},
{
"category": "self",
"summary": "SUSE Bug 1245671",
"url": "https://bugzilla.suse.com/1245671"
},
{
"category": "self",
"summary": "SUSE Bug 1245675",
"url": "https://bugzilla.suse.com/1245675"
},
{
"category": "self",
"summary": "SUSE Bug 1245676",
"url": "https://bugzilla.suse.com/1245676"
},
{
"category": "self",
"summary": "SUSE Bug 1245678",
"url": "https://bugzilla.suse.com/1245678"
},
{
"category": "self",
"summary": "SUSE Bug 1245683",
"url": "https://bugzilla.suse.com/1245683"
},
{
"category": "self",
"summary": "SUSE Bug 1245684",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "self",
"summary": "SUSE Bug 1245686",
"url": "https://bugzilla.suse.com/1245686"
},
{
"category": "self",
"summary": "SUSE Bug 1245688",
"url": "https://bugzilla.suse.com/1245688"
},
{
"category": "self",
"summary": "SUSE Bug 1245690",
"url": "https://bugzilla.suse.com/1245690"
},
{
"category": "self",
"summary": "SUSE Bug 1245691",
"url": "https://bugzilla.suse.com/1245691"
},
{
"category": "self",
"summary": "SUSE Bug 1245695",
"url": "https://bugzilla.suse.com/1245695"
},
{
"category": "self",
"summary": "SUSE Bug 1245700",
"url": "https://bugzilla.suse.com/1245700"
},
{
"category": "self",
"summary": "SUSE Bug 1245703",
"url": "https://bugzilla.suse.com/1245703"
},
{
"category": "self",
"summary": "SUSE Bug 1245705",
"url": "https://bugzilla.suse.com/1245705"
},
{
"category": "self",
"summary": "SUSE Bug 1245710",
"url": "https://bugzilla.suse.com/1245710"
},
{
"category": "self",
"summary": "SUSE Bug 1245711",
"url": "https://bugzilla.suse.com/1245711"
},
{
"category": "self",
"summary": "SUSE Bug 1245713",
"url": "https://bugzilla.suse.com/1245713"
},
{
"category": "self",
"summary": "SUSE Bug 1245714",
"url": "https://bugzilla.suse.com/1245714"
},
{
"category": "self",
"summary": "SUSE Bug 1245715",
"url": "https://bugzilla.suse.com/1245715"
},
{
"category": "self",
"summary": "SUSE Bug 1245717",
"url": "https://bugzilla.suse.com/1245717"
},
{
"category": "self",
"summary": "SUSE Bug 1245719",
"url": "https://bugzilla.suse.com/1245719"
},
{
"category": "self",
"summary": "SUSE Bug 1245721",
"url": "https://bugzilla.suse.com/1245721"
},
{
"category": "self",
"summary": "SUSE Bug 1245723",
"url": "https://bugzilla.suse.com/1245723"
},
{
"category": "self",
"summary": "SUSE Bug 1245726",
"url": "https://bugzilla.suse.com/1245726"
},
{
"category": "self",
"summary": "SUSE Bug 1245728",
"url": "https://bugzilla.suse.com/1245728"
},
{
"category": "self",
"summary": "SUSE Bug 1245729",
"url": "https://bugzilla.suse.com/1245729"
},
{
"category": "self",
"summary": "SUSE Bug 1245730",
"url": "https://bugzilla.suse.com/1245730"
},
{
"category": "self",
"summary": "SUSE Bug 1245731",
"url": "https://bugzilla.suse.com/1245731"
},
{
"category": "self",
"summary": "SUSE Bug 1245735",
"url": "https://bugzilla.suse.com/1245735"
},
{
"category": "self",
"summary": "SUSE Bug 1245737",
"url": "https://bugzilla.suse.com/1245737"
},
{
"category": "self",
"summary": "SUSE Bug 1245744",
"url": "https://bugzilla.suse.com/1245744"
},
{
"category": "self",
"summary": "SUSE Bug 1245745",
"url": "https://bugzilla.suse.com/1245745"
},
{
"category": "self",
"summary": "SUSE Bug 1245746",
"url": "https://bugzilla.suse.com/1245746"
},
{
"category": "self",
"summary": "SUSE Bug 1245747",
"url": "https://bugzilla.suse.com/1245747"
},
{
"category": "self",
"summary": "SUSE Bug 1245748",
"url": "https://bugzilla.suse.com/1245748"
},
{
"category": "self",
"summary": "SUSE Bug 1245749",
"url": "https://bugzilla.suse.com/1245749"
},
{
"category": "self",
"summary": "SUSE Bug 1245751",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "self",
"summary": "SUSE Bug 1245757",
"url": "https://bugzilla.suse.com/1245757"
},
{
"category": "self",
"summary": "SUSE Bug 1245763",
"url": "https://bugzilla.suse.com/1245763"
},
{
"category": "self",
"summary": "SUSE Bug 1245765",
"url": "https://bugzilla.suse.com/1245765"
},
{
"category": "self",
"summary": "SUSE Bug 1245767",
"url": "https://bugzilla.suse.com/1245767"
},
{
"category": "self",
"summary": "SUSE Bug 1245769",
"url": "https://bugzilla.suse.com/1245769"
},
{
"category": "self",
"summary": "SUSE Bug 1245777",
"url": "https://bugzilla.suse.com/1245777"
},
{
"category": "self",
"summary": "SUSE Bug 1245780",
"url": "https://bugzilla.suse.com/1245780"
},
{
"category": "self",
"summary": "SUSE Bug 1245781",
"url": "https://bugzilla.suse.com/1245781"
},
{
"category": "self",
"summary": "SUSE Bug 1245784",
"url": "https://bugzilla.suse.com/1245784"
},
{
"category": "self",
"summary": "SUSE Bug 1245785",
"url": "https://bugzilla.suse.com/1245785"
},
{
"category": "self",
"summary": "SUSE Bug 1245787",
"url": "https://bugzilla.suse.com/1245787"
},
{
"category": "self",
"summary": "SUSE Bug 1245812",
"url": "https://bugzilla.suse.com/1245812"
},
{
"category": "self",
"summary": "SUSE Bug 1245814",
"url": "https://bugzilla.suse.com/1245814"
},
{
"category": "self",
"summary": "SUSE Bug 1245815",
"url": "https://bugzilla.suse.com/1245815"
},
{
"category": "self",
"summary": "SUSE Bug 1245937",
"url": "https://bugzilla.suse.com/1245937"
},
{
"category": "self",
"summary": "SUSE Bug 1245945",
"url": "https://bugzilla.suse.com/1245945"
},
{
"category": "self",
"summary": "SUSE Bug 1245952",
"url": "https://bugzilla.suse.com/1245952"
},
{
"category": "self",
"summary": "SUSE Bug 1245955",
"url": "https://bugzilla.suse.com/1245955"
},
{
"category": "self",
"summary": "SUSE Bug 1245956",
"url": "https://bugzilla.suse.com/1245956"
},
{
"category": "self",
"summary": "SUSE Bug 1245963",
"url": "https://bugzilla.suse.com/1245963"
},
{
"category": "self",
"summary": "SUSE Bug 1245966",
"url": "https://bugzilla.suse.com/1245966"
},
{
"category": "self",
"summary": "SUSE Bug 1245970",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "self",
"summary": "SUSE Bug 1245973",
"url": "https://bugzilla.suse.com/1245973"
},
{
"category": "self",
"summary": "SUSE Bug 1245976",
"url": "https://bugzilla.suse.com/1245976"
},
{
"category": "self",
"summary": "SUSE Bug 1245977",
"url": "https://bugzilla.suse.com/1245977"
},
{
"category": "self",
"summary": "SUSE Bug 1245986",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "self",
"summary": "SUSE Bug 1246000",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "self",
"summary": "SUSE Bug 1246002",
"url": "https://bugzilla.suse.com/1246002"
},
{
"category": "self",
"summary": "SUSE Bug 1246005",
"url": "https://bugzilla.suse.com/1246005"
},
{
"category": "self",
"summary": "SUSE Bug 1246008",
"url": "https://bugzilla.suse.com/1246008"
},
{
"category": "self",
"summary": "SUSE Bug 1246012",
"url": "https://bugzilla.suse.com/1246012"
},
{
"category": "self",
"summary": "SUSE Bug 1246022",
"url": "https://bugzilla.suse.com/1246022"
},
{
"category": "self",
"summary": "SUSE Bug 1246023",
"url": "https://bugzilla.suse.com/1246023"
},
{
"category": "self",
"summary": "SUSE Bug 1246031",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "self",
"summary": "SUSE Bug 1246034",
"url": "https://bugzilla.suse.com/1246034"
},
{
"category": "self",
"summary": "SUSE Bug 1246037",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "self",
"summary": "SUSE Bug 1246041",
"url": "https://bugzilla.suse.com/1246041"
},
{
"category": "self",
"summary": "SUSE Bug 1246042",
"url": "https://bugzilla.suse.com/1246042"
},
{
"category": "self",
"summary": "SUSE Bug 1246047",
"url": "https://bugzilla.suse.com/1246047"
},
{
"category": "self",
"summary": "SUSE Bug 1246049",
"url": "https://bugzilla.suse.com/1246049"
},
{
"category": "self",
"summary": "SUSE Bug 1246050",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "self",
"summary": "SUSE Bug 1246053",
"url": "https://bugzilla.suse.com/1246053"
},
{
"category": "self",
"summary": "SUSE Bug 1246054",
"url": "https://bugzilla.suse.com/1246054"
},
{
"category": "self",
"summary": "SUSE Bug 1246055",
"url": "https://bugzilla.suse.com/1246055"
},
{
"category": "self",
"summary": "SUSE Bug 1246057",
"url": "https://bugzilla.suse.com/1246057"
},
{
"category": "self",
"summary": "SUSE Bug 1246098",
"url": "https://bugzilla.suse.com/1246098"
},
{
"category": "self",
"summary": "SUSE Bug 1246109",
"url": "https://bugzilla.suse.com/1246109"
},
{
"category": "self",
"summary": "SUSE Bug 1246125",
"url": "https://bugzilla.suse.com/1246125"
},
{
"category": "self",
"summary": "SUSE Bug 1246166",
"url": "https://bugzilla.suse.com/1246166"
},
{
"category": "self",
"summary": "SUSE Bug 1246171",
"url": "https://bugzilla.suse.com/1246171"
},
{
"category": "self",
"summary": "SUSE Bug 1246176",
"url": "https://bugzilla.suse.com/1246176"
},
{
"category": "self",
"summary": "SUSE Bug 1246181",
"url": "https://bugzilla.suse.com/1246181"
},
{
"category": "self",
"summary": "SUSE Bug 1246183",
"url": "https://bugzilla.suse.com/1246183"
},
{
"category": "self",
"summary": "SUSE Bug 1246185",
"url": "https://bugzilla.suse.com/1246185"
},
{
"category": "self",
"summary": "SUSE Bug 1246186",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "self",
"summary": "SUSE Bug 1246188",
"url": "https://bugzilla.suse.com/1246188"
},
{
"category": "self",
"summary": "SUSE Bug 1246190",
"url": "https://bugzilla.suse.com/1246190"
},
{
"category": "self",
"summary": "SUSE Bug 1246192",
"url": "https://bugzilla.suse.com/1246192"
},
{
"category": "self",
"summary": "SUSE Bug 1246193",
"url": "https://bugzilla.suse.com/1246193"
},
{
"category": "self",
"summary": "SUSE Bug 1246195",
"url": "https://bugzilla.suse.com/1246195"
},
{
"category": "self",
"summary": "SUSE Bug 1246220",
"url": "https://bugzilla.suse.com/1246220"
},
{
"category": "self",
"summary": "SUSE Bug 1246234",
"url": "https://bugzilla.suse.com/1246234"
},
{
"category": "self",
"summary": "SUSE Bug 1246236",
"url": "https://bugzilla.suse.com/1246236"
},
{
"category": "self",
"summary": "SUSE Bug 1246240",
"url": "https://bugzilla.suse.com/1246240"
},
{
"category": "self",
"summary": "SUSE Bug 1246243",
"url": "https://bugzilla.suse.com/1246243"
},
{
"category": "self",
"summary": "SUSE Bug 1246244",
"url": "https://bugzilla.suse.com/1246244"
},
{
"category": "self",
"summary": "SUSE Bug 1246245",
"url": "https://bugzilla.suse.com/1246245"
},
{
"category": "self",
"summary": "SUSE Bug 1246246",
"url": "https://bugzilla.suse.com/1246246"
},
{
"category": "self",
"summary": "SUSE Bug 1246248",
"url": "https://bugzilla.suse.com/1246248"
},
{
"category": "self",
"summary": "SUSE Bug 1246250",
"url": "https://bugzilla.suse.com/1246250"
},
{
"category": "self",
"summary": "SUSE Bug 1246252",
"url": "https://bugzilla.suse.com/1246252"
},
{
"category": "self",
"summary": "SUSE Bug 1246253",
"url": "https://bugzilla.suse.com/1246253"
},
{
"category": "self",
"summary": "SUSE Bug 1246255",
"url": "https://bugzilla.suse.com/1246255"
},
{
"category": "self",
"summary": "SUSE Bug 1246258",
"url": "https://bugzilla.suse.com/1246258"
},
{
"category": "self",
"summary": "SUSE Bug 1246259",
"url": "https://bugzilla.suse.com/1246259"
},
{
"category": "self",
"summary": "SUSE Bug 1246260",
"url": "https://bugzilla.suse.com/1246260"
},
{
"category": "self",
"summary": "SUSE Bug 1246262",
"url": "https://bugzilla.suse.com/1246262"
},
{
"category": "self",
"summary": "SUSE Bug 1246266",
"url": "https://bugzilla.suse.com/1246266"
},
{
"category": "self",
"summary": "SUSE Bug 1246268",
"url": "https://bugzilla.suse.com/1246268"
},
{
"category": "self",
"summary": "SUSE Bug 1246283",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "self",
"summary": "SUSE Bug 1246285",
"url": "https://bugzilla.suse.com/1246285"
},
{
"category": "self",
"summary": "SUSE Bug 1246286",
"url": "https://bugzilla.suse.com/1246286"
},
{
"category": "self",
"summary": "SUSE Bug 1246287",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "self",
"summary": "SUSE Bug 1246290",
"url": "https://bugzilla.suse.com/1246290"
},
{
"category": "self",
"summary": "SUSE Bug 1246292",
"url": "https://bugzilla.suse.com/1246292"
},
{
"category": "self",
"summary": "SUSE Bug 1246293",
"url": "https://bugzilla.suse.com/1246293"
},
{
"category": "self",
"summary": "SUSE Bug 1246295",
"url": "https://bugzilla.suse.com/1246295"
},
{
"category": "self",
"summary": "SUSE Bug 1246297",
"url": "https://bugzilla.suse.com/1246297"
},
{
"category": "self",
"summary": "SUSE Bug 1246333",
"url": "https://bugzilla.suse.com/1246333"
},
{
"category": "self",
"summary": "SUSE Bug 1246334",
"url": "https://bugzilla.suse.com/1246334"
},
{
"category": "self",
"summary": "SUSE Bug 1246337",
"url": "https://bugzilla.suse.com/1246337"
},
{
"category": "self",
"summary": "SUSE Bug 1246342",
"url": "https://bugzilla.suse.com/1246342"
},
{
"category": "self",
"summary": "SUSE Bug 1246349",
"url": "https://bugzilla.suse.com/1246349"
},
{
"category": "self",
"summary": "SUSE Bug 1246351",
"url": "https://bugzilla.suse.com/1246351"
},
{
"category": "self",
"summary": "SUSE Bug 1246353",
"url": "https://bugzilla.suse.com/1246353"
},
{
"category": "self",
"summary": "SUSE Bug 1246354",
"url": "https://bugzilla.suse.com/1246354"
},
{
"category": "self",
"summary": "SUSE Bug 1246358",
"url": "https://bugzilla.suse.com/1246358"
},
{
"category": "self",
"summary": "SUSE Bug 1246364",
"url": "https://bugzilla.suse.com/1246364"
},
{
"category": "self",
"summary": "SUSE Bug 1246366",
"url": "https://bugzilla.suse.com/1246366"
},
{
"category": "self",
"summary": "SUSE Bug 1246370",
"url": "https://bugzilla.suse.com/1246370"
},
{
"category": "self",
"summary": "SUSE Bug 1246375",
"url": "https://bugzilla.suse.com/1246375"
},
{
"category": "self",
"summary": "SUSE Bug 1246376",
"url": "https://bugzilla.suse.com/1246376"
},
{
"category": "self",
"summary": "SUSE Bug 1246385",
"url": "https://bugzilla.suse.com/1246385"
},
{
"category": "self",
"summary": "SUSE Bug 1246386",
"url": "https://bugzilla.suse.com/1246386"
},
{
"category": "self",
"summary": "SUSE Bug 1246387",
"url": "https://bugzilla.suse.com/1246387"
},
{
"category": "self",
"summary": "SUSE Bug 1246438",
"url": "https://bugzilla.suse.com/1246438"
},
{
"category": "self",
"summary": "SUSE Bug 1246443",
"url": "https://bugzilla.suse.com/1246443"
},
{
"category": "self",
"summary": "SUSE Bug 1246444",
"url": "https://bugzilla.suse.com/1246444"
},
{
"category": "self",
"summary": "SUSE Bug 1246447",
"url": "https://bugzilla.suse.com/1246447"
},
{
"category": "self",
"summary": "SUSE Bug 1246450",
"url": "https://bugzilla.suse.com/1246450"
},
{
"category": "self",
"summary": "SUSE Bug 1246453",
"url": "https://bugzilla.suse.com/1246453"
},
{
"category": "self",
"summary": "SUSE Bug 1246473",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "self",
"summary": "SUSE Bug 1246490",
"url": "https://bugzilla.suse.com/1246490"
},
{
"category": "self",
"summary": "SUSE Bug 1246509",
"url": "https://bugzilla.suse.com/1246509"
},
{
"category": "self",
"summary": "SUSE Bug 1246547",
"url": "https://bugzilla.suse.com/1246547"
},
{
"category": "self",
"summary": "SUSE Bug 1246631",
"url": "https://bugzilla.suse.com/1246631"
},
{
"category": "self",
"summary": "SUSE Bug 1246651",
"url": "https://bugzilla.suse.com/1246651"
},
{
"category": "self",
"summary": "SUSE Bug 1246688",
"url": "https://bugzilla.suse.com/1246688"
},
{
"category": "self",
"summary": "SUSE Bug 1246777",
"url": "https://bugzilla.suse.com/1246777"
},
{
"category": "self",
"summary": "SUSE Bug 1246781",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "self",
"summary": "SUSE Bug 1246782",
"url": "https://bugzilla.suse.com/1246782"
},
{
"category": "self",
"summary": "SUSE Bug 1246868",
"url": "https://bugzilla.suse.com/1246868"
},
{
"category": "self",
"summary": "SUSE Bug 1246896",
"url": "https://bugzilla.suse.com/1246896"
},
{
"category": "self",
"summary": "SUSE Bug 1246911",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "self",
"summary": "SUSE Bug 1246979",
"url": "https://bugzilla.suse.com/1246979"
},
{
"category": "self",
"summary": "SUSE Bug 1247018",
"url": "https://bugzilla.suse.com/1247018"
},
{
"category": "self",
"summary": "SUSE Bug 1247020",
"url": "https://bugzilla.suse.com/1247020"
},
{
"category": "self",
"summary": "SUSE Bug 1247022",
"url": "https://bugzilla.suse.com/1247022"
},
{
"category": "self",
"summary": "SUSE Bug 1247023",
"url": "https://bugzilla.suse.com/1247023"
},
{
"category": "self",
"summary": "SUSE Bug 1247024",
"url": "https://bugzilla.suse.com/1247024"
},
{
"category": "self",
"summary": "SUSE Bug 1247027",
"url": "https://bugzilla.suse.com/1247027"
},
{
"category": "self",
"summary": "SUSE Bug 1247028",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "self",
"summary": "SUSE Bug 1247031",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "self",
"summary": "SUSE Bug 1247033",
"url": "https://bugzilla.suse.com/1247033"
},
{
"category": "self",
"summary": "SUSE Bug 1247035",
"url": "https://bugzilla.suse.com/1247035"
},
{
"category": "self",
"summary": "SUSE Bug 1247061",
"url": "https://bugzilla.suse.com/1247061"
},
{
"category": "self",
"summary": "SUSE Bug 1247062",
"url": "https://bugzilla.suse.com/1247062"
},
{
"category": "self",
"summary": "SUSE Bug 1247064",
"url": "https://bugzilla.suse.com/1247064"
},
{
"category": "self",
"summary": "SUSE Bug 1247076",
"url": "https://bugzilla.suse.com/1247076"
},
{
"category": "self",
"summary": "SUSE Bug 1247078",
"url": "https://bugzilla.suse.com/1247078"
},
{
"category": "self",
"summary": "SUSE Bug 1247079",
"url": "https://bugzilla.suse.com/1247079"
},
{
"category": "self",
"summary": "SUSE Bug 1247088",
"url": "https://bugzilla.suse.com/1247088"
},
{
"category": "self",
"summary": "SUSE Bug 1247089",
"url": "https://bugzilla.suse.com/1247089"
},
{
"category": "self",
"summary": "SUSE Bug 1247091",
"url": "https://bugzilla.suse.com/1247091"
},
{
"category": "self",
"summary": "SUSE Bug 1247097",
"url": "https://bugzilla.suse.com/1247097"
},
{
"category": "self",
"summary": "SUSE Bug 1247098",
"url": "https://bugzilla.suse.com/1247098"
},
{
"category": "self",
"summary": "SUSE Bug 1247099",
"url": "https://bugzilla.suse.com/1247099"
},
{
"category": "self",
"summary": "SUSE Bug 1247101",
"url": "https://bugzilla.suse.com/1247101"
},
{
"category": "self",
"summary": "SUSE Bug 1247102",
"url": "https://bugzilla.suse.com/1247102"
},
{
"category": "self",
"summary": "SUSE Bug 1247103",
"url": "https://bugzilla.suse.com/1247103"
},
{
"category": "self",
"summary": "SUSE Bug 1247104",
"url": "https://bugzilla.suse.com/1247104"
},
{
"category": "self",
"summary": "SUSE Bug 1247112",
"url": "https://bugzilla.suse.com/1247112"
},
{
"category": "self",
"summary": "SUSE Bug 1247113",
"url": "https://bugzilla.suse.com/1247113"
},
{
"category": "self",
"summary": "SUSE Bug 1247116",
"url": "https://bugzilla.suse.com/1247116"
},
{
"category": "self",
"summary": "SUSE Bug 1247118",
"url": "https://bugzilla.suse.com/1247118"
},
{
"category": "self",
"summary": "SUSE Bug 1247119",
"url": "https://bugzilla.suse.com/1247119"
},
{
"category": "self",
"summary": "SUSE Bug 1247123",
"url": "https://bugzilla.suse.com/1247123"
},
{
"category": "self",
"summary": "SUSE Bug 1247125",
"url": "https://bugzilla.suse.com/1247125"
},
{
"category": "self",
"summary": "SUSE Bug 1247126",
"url": "https://bugzilla.suse.com/1247126"
},
{
"category": "self",
"summary": "SUSE Bug 1247128",
"url": "https://bugzilla.suse.com/1247128"
},
{
"category": "self",
"summary": "SUSE Bug 1247130",
"url": "https://bugzilla.suse.com/1247130"
},
{
"category": "self",
"summary": "SUSE Bug 1247131",
"url": "https://bugzilla.suse.com/1247131"
},
{
"category": "self",
"summary": "SUSE Bug 1247132",
"url": "https://bugzilla.suse.com/1247132"
},
{
"category": "self",
"summary": "SUSE Bug 1247136",
"url": "https://bugzilla.suse.com/1247136"
},
{
"category": "self",
"summary": "SUSE Bug 1247137",
"url": "https://bugzilla.suse.com/1247137"
},
{
"category": "self",
"summary": "SUSE Bug 1247138",
"url": "https://bugzilla.suse.com/1247138"
},
{
"category": "self",
"summary": "SUSE Bug 1247141",
"url": "https://bugzilla.suse.com/1247141"
},
{
"category": "self",
"summary": "SUSE Bug 1247143",
"url": "https://bugzilla.suse.com/1247143"
},
{
"category": "self",
"summary": "SUSE Bug 1247145",
"url": "https://bugzilla.suse.com/1247145"
},
{
"category": "self",
"summary": "SUSE Bug 1247146",
"url": "https://bugzilla.suse.com/1247146"
},
{
"category": "self",
"summary": "SUSE Bug 1247147",
"url": "https://bugzilla.suse.com/1247147"
},
{
"category": "self",
"summary": "SUSE Bug 1247149",
"url": "https://bugzilla.suse.com/1247149"
},
{
"category": "self",
"summary": "SUSE Bug 1247150",
"url": "https://bugzilla.suse.com/1247150"
},
{
"category": "self",
"summary": "SUSE Bug 1247151",
"url": "https://bugzilla.suse.com/1247151"
},
{
"category": "self",
"summary": "SUSE Bug 1247152",
"url": "https://bugzilla.suse.com/1247152"
},
{
"category": "self",
"summary": "SUSE Bug 1247153",
"url": "https://bugzilla.suse.com/1247153"
},
{
"category": "self",
"summary": "SUSE Bug 1247154",
"url": "https://bugzilla.suse.com/1247154"
},
{
"category": "self",
"summary": "SUSE Bug 1247155",
"url": "https://bugzilla.suse.com/1247155"
},
{
"category": "self",
"summary": "SUSE Bug 1247156",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "self",
"summary": "SUSE Bug 1247157",
"url": "https://bugzilla.suse.com/1247157"
},
{
"category": "self",
"summary": "SUSE Bug 1247160",
"url": "https://bugzilla.suse.com/1247160"
},
{
"category": "self",
"summary": "SUSE Bug 1247162",
"url": "https://bugzilla.suse.com/1247162"
},
{
"category": "self",
"summary": "SUSE Bug 1247163",
"url": "https://bugzilla.suse.com/1247163"
},
{
"category": "self",
"summary": "SUSE Bug 1247164",
"url": "https://bugzilla.suse.com/1247164"
},
{
"category": "self",
"summary": "SUSE Bug 1247167",
"url": "https://bugzilla.suse.com/1247167"
},
{
"category": "self",
"summary": "SUSE Bug 1247169",
"url": "https://bugzilla.suse.com/1247169"
},
{
"category": "self",
"summary": "SUSE Bug 1247170",
"url": "https://bugzilla.suse.com/1247170"
},
{
"category": "self",
"summary": "SUSE Bug 1247171",
"url": "https://bugzilla.suse.com/1247171"
},
{
"category": "self",
"summary": "SUSE Bug 1247174",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "self",
"summary": "SUSE Bug 1247176",
"url": "https://bugzilla.suse.com/1247176"
},
{
"category": "self",
"summary": "SUSE Bug 1247177",
"url": "https://bugzilla.suse.com/1247177"
},
{
"category": "self",
"summary": "SUSE Bug 1247178",
"url": "https://bugzilla.suse.com/1247178"
},
{
"category": "self",
"summary": "SUSE Bug 1247181",
"url": "https://bugzilla.suse.com/1247181"
},
{
"category": "self",
"summary": "SUSE Bug 1247209",
"url": "https://bugzilla.suse.com/1247209"
},
{
"category": "self",
"summary": "SUSE Bug 1247210",
"url": "https://bugzilla.suse.com/1247210"
},
{
"category": "self",
"summary": "SUSE Bug 1247220",
"url": "https://bugzilla.suse.com/1247220"
},
{
"category": "self",
"summary": "SUSE Bug 1247223",
"url": "https://bugzilla.suse.com/1247223"
},
{
"category": "self",
"summary": "SUSE Bug 1247227",
"url": "https://bugzilla.suse.com/1247227"
},
{
"category": "self",
"summary": "SUSE Bug 1247229",
"url": "https://bugzilla.suse.com/1247229"
},
{
"category": "self",
"summary": "SUSE Bug 1247231",
"url": "https://bugzilla.suse.com/1247231"
},
{
"category": "self",
"summary": "SUSE Bug 1247233",
"url": "https://bugzilla.suse.com/1247233"
},
{
"category": "self",
"summary": "SUSE Bug 1247234",
"url": "https://bugzilla.suse.com/1247234"
},
{
"category": "self",
"summary": "SUSE Bug 1247235",
"url": "https://bugzilla.suse.com/1247235"
},
{
"category": "self",
"summary": "SUSE Bug 1247236",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "self",
"summary": "SUSE Bug 1247238",
"url": "https://bugzilla.suse.com/1247238"
},
{
"category": "self",
"summary": "SUSE Bug 1247239",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "self",
"summary": "SUSE Bug 1247241",
"url": "https://bugzilla.suse.com/1247241"
},
{
"category": "self",
"summary": "SUSE Bug 1247243",
"url": "https://bugzilla.suse.com/1247243"
},
{
"category": "self",
"summary": "SUSE Bug 1247250",
"url": "https://bugzilla.suse.com/1247250"
},
{
"category": "self",
"summary": "SUSE Bug 1247251",
"url": "https://bugzilla.suse.com/1247251"
},
{
"category": "self",
"summary": "SUSE Bug 1247252",
"url": "https://bugzilla.suse.com/1247252"
},
{
"category": "self",
"summary": "SUSE Bug 1247253",
"url": "https://bugzilla.suse.com/1247253"
},
{
"category": "self",
"summary": "SUSE Bug 1247255",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "self",
"summary": "SUSE Bug 1247262",
"url": "https://bugzilla.suse.com/1247262"
},
{
"category": "self",
"summary": "SUSE Bug 1247265",
"url": "https://bugzilla.suse.com/1247265"
},
{
"category": "self",
"summary": "SUSE Bug 1247270",
"url": "https://bugzilla.suse.com/1247270"
},
{
"category": "self",
"summary": "SUSE Bug 1247271",
"url": "https://bugzilla.suse.com/1247271"
},
{
"category": "self",
"summary": "SUSE Bug 1247273",
"url": "https://bugzilla.suse.com/1247273"
},
{
"category": "self",
"summary": "SUSE Bug 1247274",
"url": "https://bugzilla.suse.com/1247274"
},
{
"category": "self",
"summary": "SUSE Bug 1247276",
"url": "https://bugzilla.suse.com/1247276"
},
{
"category": "self",
"summary": "SUSE Bug 1247277",
"url": "https://bugzilla.suse.com/1247277"
},
{
"category": "self",
"summary": "SUSE Bug 1247278",
"url": "https://bugzilla.suse.com/1247278"
},
{
"category": "self",
"summary": "SUSE Bug 1247279",
"url": "https://bugzilla.suse.com/1247279"
},
{
"category": "self",
"summary": "SUSE Bug 1247280",
"url": "https://bugzilla.suse.com/1247280"
},
{
"category": "self",
"summary": "SUSE Bug 1247282",
"url": "https://bugzilla.suse.com/1247282"
},
{
"category": "self",
"summary": "SUSE Bug 1247283",
"url": "https://bugzilla.suse.com/1247283"
},
{
"category": "self",
"summary": "SUSE Bug 1247284",
"url": "https://bugzilla.suse.com/1247284"
},
{
"category": "self",
"summary": "SUSE Bug 1247285",
"url": "https://bugzilla.suse.com/1247285"
},
{
"category": "self",
"summary": "SUSE Bug 1247288",
"url": "https://bugzilla.suse.com/1247288"
},
{
"category": "self",
"summary": "SUSE Bug 1247289",
"url": "https://bugzilla.suse.com/1247289"
},
{
"category": "self",
"summary": "SUSE Bug 1247290",
"url": "https://bugzilla.suse.com/1247290"
},
{
"category": "self",
"summary": "SUSE Bug 1247293",
"url": "https://bugzilla.suse.com/1247293"
},
{
"category": "self",
"summary": "SUSE Bug 1247308",
"url": "https://bugzilla.suse.com/1247308"
},
{
"category": "self",
"summary": "SUSE Bug 1247311",
"url": "https://bugzilla.suse.com/1247311"
},
{
"category": "self",
"summary": "SUSE Bug 1247313",
"url": "https://bugzilla.suse.com/1247313"
},
{
"category": "self",
"summary": "SUSE Bug 1247314",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "self",
"summary": "SUSE Bug 1247317",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "self",
"summary": "SUSE Bug 1247325",
"url": "https://bugzilla.suse.com/1247325"
},
{
"category": "self",
"summary": "SUSE Bug 1247347",
"url": "https://bugzilla.suse.com/1247347"
},
{
"category": "self",
"summary": "SUSE Bug 1247348",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "self",
"summary": "SUSE Bug 1247349",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "self",
"summary": "SUSE Bug 1247366",
"url": "https://bugzilla.suse.com/1247366"
},
{
"category": "self",
"summary": "SUSE Bug 1247372",
"url": "https://bugzilla.suse.com/1247372"
},
{
"category": "self",
"summary": "SUSE Bug 1247376",
"url": "https://bugzilla.suse.com/1247376"
},
{
"category": "self",
"summary": "SUSE Bug 1247426",
"url": "https://bugzilla.suse.com/1247426"
},
{
"category": "self",
"summary": "SUSE Bug 1247437",
"url": "https://bugzilla.suse.com/1247437"
},
{
"category": "self",
"summary": "SUSE Bug 1247442",
"url": "https://bugzilla.suse.com/1247442"
},
{
"category": "self",
"summary": "SUSE Bug 1247483",
"url": "https://bugzilla.suse.com/1247483"
},
{
"category": "self",
"summary": "SUSE Bug 1247500",
"url": "https://bugzilla.suse.com/1247500"
},
{
"category": "self",
"summary": "SUSE Bug 1247712",
"url": "https://bugzilla.suse.com/1247712"
},
{
"category": "self",
"summary": "SUSE Bug 1247837",
"url": "https://bugzilla.suse.com/1247837"
},
{
"category": "self",
"summary": "SUSE Bug 1247838",
"url": "https://bugzilla.suse.com/1247838"
},
{
"category": "self",
"summary": "SUSE Bug 1247935",
"url": "https://bugzilla.suse.com/1247935"
},
{
"category": "self",
"summary": "SUSE Bug 1247936",
"url": "https://bugzilla.suse.com/1247936"
},
{
"category": "self",
"summary": "SUSE Bug 1247949",
"url": "https://bugzilla.suse.com/1247949"
},
{
"category": "self",
"summary": "SUSE Bug 1247950",
"url": "https://bugzilla.suse.com/1247950"
},
{
"category": "self",
"summary": "SUSE Bug 1247963",
"url": "https://bugzilla.suse.com/1247963"
},
{
"category": "self",
"summary": "SUSE Bug 1247976",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "self",
"summary": "SUSE Bug 1248088",
"url": "https://bugzilla.suse.com/1248088"
},
{
"category": "self",
"summary": "SUSE Bug 1248111",
"url": "https://bugzilla.suse.com/1248111"
},
{
"category": "self",
"summary": "SUSE Bug 1248121",
"url": "https://bugzilla.suse.com/1248121"
},
{
"category": "self",
"summary": "SUSE Bug 1248183",
"url": "https://bugzilla.suse.com/1248183"
},
{
"category": "self",
"summary": "SUSE Bug 1248186",
"url": "https://bugzilla.suse.com/1248186"
},
{
"category": "self",
"summary": "SUSE Bug 1248190",
"url": "https://bugzilla.suse.com/1248190"
},
{
"category": "self",
"summary": "SUSE Bug 1248192",
"url": "https://bugzilla.suse.com/1248192"
},
{
"category": "self",
"summary": "SUSE Bug 1248194",
"url": "https://bugzilla.suse.com/1248194"
},
{
"category": "self",
"summary": "SUSE Bug 1248198",
"url": "https://bugzilla.suse.com/1248198"
},
{
"category": "self",
"summary": "SUSE Bug 1248199",
"url": "https://bugzilla.suse.com/1248199"
},
{
"category": "self",
"summary": "SUSE Bug 1248200",
"url": "https://bugzilla.suse.com/1248200"
},
{
"category": "self",
"summary": "SUSE Bug 1248202",
"url": "https://bugzilla.suse.com/1248202"
},
{
"category": "self",
"summary": "SUSE Bug 1248205",
"url": "https://bugzilla.suse.com/1248205"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248223",
"url": "https://bugzilla.suse.com/1248223"
},
{
"category": "self",
"summary": "SUSE Bug 1248224",
"url": "https://bugzilla.suse.com/1248224"
},
{
"category": "self",
"summary": "SUSE Bug 1248225",
"url": "https://bugzilla.suse.com/1248225"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248235",
"url": "https://bugzilla.suse.com/1248235"
},
{
"category": "self",
"summary": "SUSE Bug 1248255",
"url": "https://bugzilla.suse.com/1248255"
},
{
"category": "self",
"summary": "SUSE Bug 1248296",
"url": "https://bugzilla.suse.com/1248296"
},
{
"category": "self",
"summary": "SUSE Bug 1248297",
"url": "https://bugzilla.suse.com/1248297"
},
{
"category": "self",
"summary": "SUSE Bug 1248299",
"url": "https://bugzilla.suse.com/1248299"
},
{
"category": "self",
"summary": "SUSE Bug 1248302",
"url": "https://bugzilla.suse.com/1248302"
},
{
"category": "self",
"summary": "SUSE Bug 1248304",
"url": "https://bugzilla.suse.com/1248304"
},
{
"category": "self",
"summary": "SUSE Bug 1248306",
"url": "https://bugzilla.suse.com/1248306"
},
{
"category": "self",
"summary": "SUSE Bug 1248312",
"url": "https://bugzilla.suse.com/1248312"
},
{
"category": "self",
"summary": "SUSE Bug 1248333",
"url": "https://bugzilla.suse.com/1248333"
},
{
"category": "self",
"summary": "SUSE Bug 1248334",
"url": "https://bugzilla.suse.com/1248334"
},
{
"category": "self",
"summary": "SUSE Bug 1248337",
"url": "https://bugzilla.suse.com/1248337"
},
{
"category": "self",
"summary": "SUSE Bug 1248338",
"url": "https://bugzilla.suse.com/1248338"
},
{
"category": "self",
"summary": "SUSE Bug 1248340",
"url": "https://bugzilla.suse.com/1248340"
},
{
"category": "self",
"summary": "SUSE Bug 1248341",
"url": "https://bugzilla.suse.com/1248341"
},
{
"category": "self",
"summary": "SUSE Bug 1248343",
"url": "https://bugzilla.suse.com/1248343"
},
{
"category": "self",
"summary": "SUSE Bug 1248345",
"url": "https://bugzilla.suse.com/1248345"
},
{
"category": "self",
"summary": "SUSE Bug 1248349",
"url": "https://bugzilla.suse.com/1248349"
},
{
"category": "self",
"summary": "SUSE Bug 1248350",
"url": "https://bugzilla.suse.com/1248350"
},
{
"category": "self",
"summary": "SUSE Bug 1248354",
"url": "https://bugzilla.suse.com/1248354"
},
{
"category": "self",
"summary": "SUSE Bug 1248355",
"url": "https://bugzilla.suse.com/1248355"
},
{
"category": "self",
"summary": "SUSE Bug 1248357",
"url": "https://bugzilla.suse.com/1248357"
},
{
"category": "self",
"summary": "SUSE Bug 1248359",
"url": "https://bugzilla.suse.com/1248359"
},
{
"category": "self",
"summary": "SUSE Bug 1248361",
"url": "https://bugzilla.suse.com/1248361"
},
{
"category": "self",
"summary": "SUSE Bug 1248363",
"url": "https://bugzilla.suse.com/1248363"
},
{
"category": "self",
"summary": "SUSE Bug 1248365",
"url": "https://bugzilla.suse.com/1248365"
},
{
"category": "self",
"summary": "SUSE Bug 1248367",
"url": "https://bugzilla.suse.com/1248367"
},
{
"category": "self",
"summary": "SUSE Bug 1248368",
"url": "https://bugzilla.suse.com/1248368"
},
{
"category": "self",
"summary": "SUSE Bug 1248374",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "self",
"summary": "SUSE Bug 1248377",
"url": "https://bugzilla.suse.com/1248377"
},
{
"category": "self",
"summary": "SUSE Bug 1248378",
"url": "https://bugzilla.suse.com/1248378"
},
{
"category": "self",
"summary": "SUSE Bug 1248380",
"url": "https://bugzilla.suse.com/1248380"
},
{
"category": "self",
"summary": "SUSE Bug 1248386",
"url": "https://bugzilla.suse.com/1248386"
},
{
"category": "self",
"summary": "SUSE Bug 1248390",
"url": "https://bugzilla.suse.com/1248390"
},
{
"category": "self",
"summary": "SUSE Bug 1248392",
"url": "https://bugzilla.suse.com/1248392"
},
{
"category": "self",
"summary": "SUSE Bug 1248395",
"url": "https://bugzilla.suse.com/1248395"
},
{
"category": "self",
"summary": "SUSE Bug 1248396",
"url": "https://bugzilla.suse.com/1248396"
},
{
"category": "self",
"summary": "SUSE Bug 1248399",
"url": "https://bugzilla.suse.com/1248399"
},
{
"category": "self",
"summary": "SUSE Bug 1248401",
"url": "https://bugzilla.suse.com/1248401"
},
{
"category": "self",
"summary": "SUSE Bug 1248511",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "self",
"summary": "SUSE Bug 1248512",
"url": "https://bugzilla.suse.com/1248512"
},
{
"category": "self",
"summary": "SUSE Bug 1248573",
"url": "https://bugzilla.suse.com/1248573"
},
{
"category": "self",
"summary": "SUSE Bug 1248575",
"url": "https://bugzilla.suse.com/1248575"
},
{
"category": "self",
"summary": "SUSE Bug 1248577",
"url": "https://bugzilla.suse.com/1248577"
},
{
"category": "self",
"summary": "SUSE Bug 1248609",
"url": "https://bugzilla.suse.com/1248609"
},
{
"category": "self",
"summary": "SUSE Bug 1248610",
"url": "https://bugzilla.suse.com/1248610"
},
{
"category": "self",
"summary": "SUSE Bug 1248616",
"url": "https://bugzilla.suse.com/1248616"
},
{
"category": "self",
"summary": "SUSE Bug 1248617",
"url": "https://bugzilla.suse.com/1248617"
},
{
"category": "self",
"summary": "SUSE Bug 1248619",
"url": "https://bugzilla.suse.com/1248619"
},
{
"category": "self",
"summary": "SUSE Bug 1248621",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "self",
"summary": "SUSE Bug 1248622",
"url": "https://bugzilla.suse.com/1248622"
},
{
"category": "self",
"summary": "SUSE Bug 1248624",
"url": "https://bugzilla.suse.com/1248624"
},
{
"category": "self",
"summary": "SUSE Bug 1248627",
"url": "https://bugzilla.suse.com/1248627"
},
{
"category": "self",
"summary": "SUSE Bug 1248628",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "self",
"summary": "SUSE Bug 1248634",
"url": "https://bugzilla.suse.com/1248634"
},
{
"category": "self",
"summary": "SUSE Bug 1248635",
"url": "https://bugzilla.suse.com/1248635"
},
{
"category": "self",
"summary": "SUSE Bug 1248639",
"url": "https://bugzilla.suse.com/1248639"
},
{
"category": "self",
"summary": "SUSE Bug 1248643",
"url": "https://bugzilla.suse.com/1248643"
},
{
"category": "self",
"summary": "SUSE Bug 1248647",
"url": "https://bugzilla.suse.com/1248647"
},
{
"category": "self",
"summary": "SUSE Bug 1248648",
"url": "https://bugzilla.suse.com/1248648"
},
{
"category": "self",
"summary": "SUSE Bug 1248652",
"url": "https://bugzilla.suse.com/1248652"
},
{
"category": "self",
"summary": "SUSE Bug 1248655",
"url": "https://bugzilla.suse.com/1248655"
},
{
"category": "self",
"summary": "SUSE Bug 1248662",
"url": "https://bugzilla.suse.com/1248662"
},
{
"category": "self",
"summary": "SUSE Bug 1248664",
"url": "https://bugzilla.suse.com/1248664"
},
{
"category": "self",
"summary": "SUSE Bug 1248666",
"url": "https://bugzilla.suse.com/1248666"
},
{
"category": "self",
"summary": "SUSE Bug 1248669",
"url": "https://bugzilla.suse.com/1248669"
},
{
"category": "self",
"summary": "SUSE Bug 1248674",
"url": "https://bugzilla.suse.com/1248674"
},
{
"category": "self",
"summary": "SUSE Bug 1248681",
"url": "https://bugzilla.suse.com/1248681"
},
{
"category": "self",
"summary": "SUSE Bug 1248727",
"url": "https://bugzilla.suse.com/1248727"
},
{
"category": "self",
"summary": "SUSE Bug 1248728",
"url": "https://bugzilla.suse.com/1248728"
},
{
"category": "self",
"summary": "SUSE Bug 1248748",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248775",
"url": "https://bugzilla.suse.com/1248775"
},
{
"category": "self",
"summary": "SUSE Bug 1249022",
"url": "https://bugzilla.suse.com/1249022"
},
{
"category": "self",
"summary": "SUSE Bug 1249038",
"url": "https://bugzilla.suse.com/1249038"
},
{
"category": "self",
"summary": "SUSE Bug 1249060",
"url": "https://bugzilla.suse.com/1249060"
},
{
"category": "self",
"summary": "SUSE Bug 1249061",
"url": "https://bugzilla.suse.com/1249061"
},
{
"category": "self",
"summary": "SUSE Bug 1249062",
"url": "https://bugzilla.suse.com/1249062"
},
{
"category": "self",
"summary": "SUSE Bug 1249064",
"url": "https://bugzilla.suse.com/1249064"
},
{
"category": "self",
"summary": "SUSE Bug 1249065",
"url": "https://bugzilla.suse.com/1249065"
},
{
"category": "self",
"summary": "SUSE Bug 1249066",
"url": "https://bugzilla.suse.com/1249066"
},
{
"category": "self",
"summary": "SUSE Bug 1249126",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "self",
"summary": "SUSE Bug 1249143",
"url": "https://bugzilla.suse.com/1249143"
},
{
"category": "self",
"summary": "SUSE Bug 1249156",
"url": "https://bugzilla.suse.com/1249156"
},
{
"category": "self",
"summary": "SUSE Bug 1249159",
"url": "https://bugzilla.suse.com/1249159"
},
{
"category": "self",
"summary": "SUSE Bug 1249160",
"url": "https://bugzilla.suse.com/1249160"
},
{
"category": "self",
"summary": "SUSE Bug 1249163",
"url": "https://bugzilla.suse.com/1249163"
},
{
"category": "self",
"summary": "SUSE Bug 1249164",
"url": "https://bugzilla.suse.com/1249164"
},
{
"category": "self",
"summary": "SUSE Bug 1249166",
"url": "https://bugzilla.suse.com/1249166"
},
{
"category": "self",
"summary": "SUSE Bug 1249167",
"url": "https://bugzilla.suse.com/1249167"
},
{
"category": "self",
"summary": "SUSE Bug 1249169",
"url": "https://bugzilla.suse.com/1249169"
},
{
"category": "self",
"summary": "SUSE Bug 1249170",
"url": "https://bugzilla.suse.com/1249170"
},
{
"category": "self",
"summary": "SUSE Bug 1249172",
"url": "https://bugzilla.suse.com/1249172"
},
{
"category": "self",
"summary": "SUSE Bug 1249176",
"url": "https://bugzilla.suse.com/1249176"
},
{
"category": "self",
"summary": "SUSE Bug 1249177",
"url": "https://bugzilla.suse.com/1249177"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249186",
"url": "https://bugzilla.suse.com/1249186"
},
{
"category": "self",
"summary": "SUSE Bug 1249190",
"url": "https://bugzilla.suse.com/1249190"
},
{
"category": "self",
"summary": "SUSE Bug 1249193",
"url": "https://bugzilla.suse.com/1249193"
},
{
"category": "self",
"summary": "SUSE Bug 1249195",
"url": "https://bugzilla.suse.com/1249195"
},
{
"category": "self",
"summary": "SUSE Bug 1249199",
"url": "https://bugzilla.suse.com/1249199"
},
{
"category": "self",
"summary": "SUSE Bug 1249201",
"url": "https://bugzilla.suse.com/1249201"
},
{
"category": "self",
"summary": "SUSE Bug 1249202",
"url": "https://bugzilla.suse.com/1249202"
},
{
"category": "self",
"summary": "SUSE Bug 1249203",
"url": "https://bugzilla.suse.com/1249203"
},
{
"category": "self",
"summary": "SUSE Bug 1249204",
"url": "https://bugzilla.suse.com/1249204"
},
{
"category": "self",
"summary": "SUSE Bug 1249206",
"url": "https://bugzilla.suse.com/1249206"
},
{
"category": "self",
"summary": "SUSE Bug 1249215",
"url": "https://bugzilla.suse.com/1249215"
},
{
"category": "self",
"summary": "SUSE Bug 1249220",
"url": "https://bugzilla.suse.com/1249220"
},
{
"category": "self",
"summary": "SUSE Bug 1249221",
"url": "https://bugzilla.suse.com/1249221"
},
{
"category": "self",
"summary": "SUSE Bug 1249254",
"url": "https://bugzilla.suse.com/1249254"
},
{
"category": "self",
"summary": "SUSE Bug 1249258",
"url": "https://bugzilla.suse.com/1249258"
},
{
"category": "self",
"summary": "SUSE Bug 1249262",
"url": "https://bugzilla.suse.com/1249262"
},
{
"category": "self",
"summary": "SUSE Bug 1249263",
"url": "https://bugzilla.suse.com/1249263"
},
{
"category": "self",
"summary": "SUSE Bug 1249265",
"url": "https://bugzilla.suse.com/1249265"
},
{
"category": "self",
"summary": "SUSE Bug 1249266",
"url": "https://bugzilla.suse.com/1249266"
},
{
"category": "self",
"summary": "SUSE Bug 1249269",
"url": "https://bugzilla.suse.com/1249269"
},
{
"category": "self",
"summary": "SUSE Bug 1249271",
"url": "https://bugzilla.suse.com/1249271"
},
{
"category": "self",
"summary": "SUSE Bug 1249272",
"url": "https://bugzilla.suse.com/1249272"
},
{
"category": "self",
"summary": "SUSE Bug 1249273",
"url": "https://bugzilla.suse.com/1249273"
},
{
"category": "self",
"summary": "SUSE Bug 1249274",
"url": "https://bugzilla.suse.com/1249274"
},
{
"category": "self",
"summary": "SUSE Bug 1249278",
"url": "https://bugzilla.suse.com/1249278"
},
{
"category": "self",
"summary": "SUSE Bug 1249279",
"url": "https://bugzilla.suse.com/1249279"
},
{
"category": "self",
"summary": "SUSE Bug 1249281",
"url": "https://bugzilla.suse.com/1249281"
},
{
"category": "self",
"summary": "SUSE Bug 1249282",
"url": "https://bugzilla.suse.com/1249282"
},
{
"category": "self",
"summary": "SUSE Bug 1249284",
"url": "https://bugzilla.suse.com/1249284"
},
{
"category": "self",
"summary": "SUSE Bug 1249285",
"url": "https://bugzilla.suse.com/1249285"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249288",
"url": "https://bugzilla.suse.com/1249288"
},
{
"category": "self",
"summary": "SUSE Bug 1249290",
"url": "https://bugzilla.suse.com/1249290"
},
{
"category": "self",
"summary": "SUSE Bug 1249292",
"url": "https://bugzilla.suse.com/1249292"
},
{
"category": "self",
"summary": "SUSE Bug 1249295",
"url": "https://bugzilla.suse.com/1249295"
},
{
"category": "self",
"summary": "SUSE Bug 1249296",
"url": "https://bugzilla.suse.com/1249296"
},
{
"category": "self",
"summary": "SUSE Bug 1249297",
"url": "https://bugzilla.suse.com/1249297"
},
{
"category": "self",
"summary": "SUSE Bug 1249299",
"url": "https://bugzilla.suse.com/1249299"
},
{
"category": "self",
"summary": "SUSE Bug 1249300",
"url": "https://bugzilla.suse.com/1249300"
},
{
"category": "self",
"summary": "SUSE Bug 1249301",
"url": "https://bugzilla.suse.com/1249301"
},
{
"category": "self",
"summary": "SUSE Bug 1249303",
"url": "https://bugzilla.suse.com/1249303"
},
{
"category": "self",
"summary": "SUSE Bug 1249304",
"url": "https://bugzilla.suse.com/1249304"
},
{
"category": "self",
"summary": "SUSE Bug 1249305",
"url": "https://bugzilla.suse.com/1249305"
},
{
"category": "self",
"summary": "SUSE Bug 1249306",
"url": "https://bugzilla.suse.com/1249306"
},
{
"category": "self",
"summary": "SUSE Bug 1249308",
"url": "https://bugzilla.suse.com/1249308"
},
{
"category": "self",
"summary": "SUSE Bug 1249309",
"url": "https://bugzilla.suse.com/1249309"
},
{
"category": "self",
"summary": "SUSE Bug 1249312",
"url": "https://bugzilla.suse.com/1249312"
},
{
"category": "self",
"summary": "SUSE Bug 1249313",
"url": "https://bugzilla.suse.com/1249313"
},
{
"category": "self",
"summary": "SUSE Bug 1249314",
"url": "https://bugzilla.suse.com/1249314"
},
{
"category": "self",
"summary": "SUSE Bug 1249315",
"url": "https://bugzilla.suse.com/1249315"
},
{
"category": "self",
"summary": "SUSE Bug 1249316",
"url": "https://bugzilla.suse.com/1249316"
},
{
"category": "self",
"summary": "SUSE Bug 1249318",
"url": "https://bugzilla.suse.com/1249318"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249321",
"url": "https://bugzilla.suse.com/1249321"
},
{
"category": "self",
"summary": "SUSE Bug 1249322",
"url": "https://bugzilla.suse.com/1249322"
},
{
"category": "self",
"summary": "SUSE Bug 1249323",
"url": "https://bugzilla.suse.com/1249323"
},
{
"category": "self",
"summary": "SUSE Bug 1249324",
"url": "https://bugzilla.suse.com/1249324"
},
{
"category": "self",
"summary": "SUSE Bug 1249333",
"url": "https://bugzilla.suse.com/1249333"
},
{
"category": "self",
"summary": "SUSE Bug 1249334",
"url": "https://bugzilla.suse.com/1249334"
},
{
"category": "self",
"summary": "SUSE Bug 1249338",
"url": "https://bugzilla.suse.com/1249338"
},
{
"category": "self",
"summary": "SUSE Bug 1249346",
"url": "https://bugzilla.suse.com/1249346"
},
{
"category": "self",
"summary": "SUSE Bug 1249374",
"url": "https://bugzilla.suse.com/1249374"
},
{
"category": "self",
"summary": "SUSE Bug 1249413",
"url": "https://bugzilla.suse.com/1249413"
},
{
"category": "self",
"summary": "SUSE Bug 1249477",
"url": "https://bugzilla.suse.com/1249477"
},
{
"category": "self",
"summary": "SUSE Bug 1249478",
"url": "https://bugzilla.suse.com/1249478"
},
{
"category": "self",
"summary": "SUSE Bug 1249479",
"url": "https://bugzilla.suse.com/1249479"
},
{
"category": "self",
"summary": "SUSE Bug 1249486",
"url": "https://bugzilla.suse.com/1249486"
},
{
"category": "self",
"summary": "SUSE Bug 1249490",
"url": "https://bugzilla.suse.com/1249490"
},
{
"category": "self",
"summary": "SUSE Bug 1249494",
"url": "https://bugzilla.suse.com/1249494"
},
{
"category": "self",
"summary": "SUSE Bug 1249500",
"url": "https://bugzilla.suse.com/1249500"
},
{
"category": "self",
"summary": "SUSE Bug 1249504",
"url": "https://bugzilla.suse.com/1249504"
},
{
"category": "self",
"summary": "SUSE Bug 1249506",
"url": "https://bugzilla.suse.com/1249506"
},
{
"category": "self",
"summary": "SUSE Bug 1249508",
"url": "https://bugzilla.suse.com/1249508"
},
{
"category": "self",
"summary": "SUSE Bug 1249509",
"url": "https://bugzilla.suse.com/1249509"
},
{
"category": "self",
"summary": "SUSE Bug 1249510",
"url": "https://bugzilla.suse.com/1249510"
},
{
"category": "self",
"summary": "SUSE Bug 1249513",
"url": "https://bugzilla.suse.com/1249513"
},
{
"category": "self",
"summary": "SUSE Bug 1249515",
"url": "https://bugzilla.suse.com/1249515"
},
{
"category": "self",
"summary": "SUSE Bug 1249516",
"url": "https://bugzilla.suse.com/1249516"
},
{
"category": "self",
"summary": "SUSE Bug 1249522",
"url": "https://bugzilla.suse.com/1249522"
},
{
"category": "self",
"summary": "SUSE Bug 1249523",
"url": "https://bugzilla.suse.com/1249523"
},
{
"category": "self",
"summary": "SUSE Bug 1249524",
"url": "https://bugzilla.suse.com/1249524"
},
{
"category": "self",
"summary": "SUSE Bug 1249526",
"url": "https://bugzilla.suse.com/1249526"
},
{
"category": "self",
"summary": "SUSE Bug 1249533",
"url": "https://bugzilla.suse.com/1249533"
},
{
"category": "self",
"summary": "SUSE Bug 1249538",
"url": "https://bugzilla.suse.com/1249538"
},
{
"category": "self",
"summary": "SUSE Bug 1249540",
"url": "https://bugzilla.suse.com/1249540"
},
{
"category": "self",
"summary": "SUSE Bug 1249542",
"url": "https://bugzilla.suse.com/1249542"
},
{
"category": "self",
"summary": "SUSE Bug 1249545",
"url": "https://bugzilla.suse.com/1249545"
},
{
"category": "self",
"summary": "SUSE Bug 1249547",
"url": "https://bugzilla.suse.com/1249547"
},
{
"category": "self",
"summary": "SUSE Bug 1249548",
"url": "https://bugzilla.suse.com/1249548"
},
{
"category": "self",
"summary": "SUSE Bug 1249550",
"url": "https://bugzilla.suse.com/1249550"
},
{
"category": "self",
"summary": "SUSE Bug 1249552",
"url": "https://bugzilla.suse.com/1249552"
},
{
"category": "self",
"summary": "SUSE Bug 1249554",
"url": "https://bugzilla.suse.com/1249554"
},
{
"category": "self",
"summary": "SUSE Bug 1249562",
"url": "https://bugzilla.suse.com/1249562"
},
{
"category": "self",
"summary": "SUSE Bug 1249566",
"url": "https://bugzilla.suse.com/1249566"
},
{
"category": "self",
"summary": "SUSE Bug 1249587",
"url": "https://bugzilla.suse.com/1249587"
},
{
"category": "self",
"summary": "SUSE Bug 1249598",
"url": "https://bugzilla.suse.com/1249598"
},
{
"category": "self",
"summary": "SUSE Bug 1249604",
"url": "https://bugzilla.suse.com/1249604"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1249615",
"url": "https://bugzilla.suse.com/1249615"
},
{
"category": "self",
"summary": "SUSE Bug 1249618",
"url": "https://bugzilla.suse.com/1249618"
},
{
"category": "self",
"summary": "SUSE Bug 1249774",
"url": "https://bugzilla.suse.com/1249774"
},
{
"category": "self",
"summary": "SUSE Bug 1249833",
"url": "https://bugzilla.suse.com/1249833"
},
{
"category": "self",
"summary": "SUSE Bug 1249887",
"url": "https://bugzilla.suse.com/1249887"
},
{
"category": "self",
"summary": "SUSE Bug 1249888",
"url": "https://bugzilla.suse.com/1249888"
},
{
"category": "self",
"summary": "SUSE Bug 1249901",
"url": "https://bugzilla.suse.com/1249901"
},
{
"category": "self",
"summary": "SUSE Bug 1249904",
"url": "https://bugzilla.suse.com/1249904"
},
{
"category": "self",
"summary": "SUSE Bug 1249906",
"url": "https://bugzilla.suse.com/1249906"
},
{
"category": "self",
"summary": "SUSE Bug 1249915",
"url": "https://bugzilla.suse.com/1249915"
},
{
"category": "self",
"summary": "SUSE Bug 1249974",
"url": "https://bugzilla.suse.com/1249974"
},
{
"category": "self",
"summary": "SUSE Bug 1249975",
"url": "https://bugzilla.suse.com/1249975"
},
{
"category": "self",
"summary": "SUSE Bug 1250002",
"url": "https://bugzilla.suse.com/1250002"
},
{
"category": "self",
"summary": "SUSE Bug 1250007",
"url": "https://bugzilla.suse.com/1250007"
},
{
"category": "self",
"summary": "SUSE Bug 1250021",
"url": "https://bugzilla.suse.com/1250021"
},
{
"category": "self",
"summary": "SUSE Bug 1250025",
"url": "https://bugzilla.suse.com/1250025"
},
{
"category": "self",
"summary": "SUSE Bug 1250028",
"url": "https://bugzilla.suse.com/1250028"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250087",
"url": "https://bugzilla.suse.com/1250087"
},
{
"category": "self",
"summary": "SUSE Bug 1250088",
"url": "https://bugzilla.suse.com/1250088"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250123",
"url": "https://bugzilla.suse.com/1250123"
},
{
"category": "self",
"summary": "SUSE Bug 1250124",
"url": "https://bugzilla.suse.com/1250124"
},
{
"category": "self",
"summary": "SUSE Bug 1250177",
"url": "https://bugzilla.suse.com/1250177"
},
{
"category": "self",
"summary": "SUSE Bug 1250179",
"url": "https://bugzilla.suse.com/1250179"
},
{
"category": "self",
"summary": "SUSE Bug 1250203",
"url": "https://bugzilla.suse.com/1250203"
},
{
"category": "self",
"summary": "SUSE Bug 1250204",
"url": "https://bugzilla.suse.com/1250204"
},
{
"category": "self",
"summary": "SUSE Bug 1250205",
"url": "https://bugzilla.suse.com/1250205"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250242",
"url": "https://bugzilla.suse.com/1250242"
},
{
"category": "self",
"summary": "SUSE Bug 1250247",
"url": "https://bugzilla.suse.com/1250247"
},
{
"category": "self",
"summary": "SUSE Bug 1250249",
"url": "https://bugzilla.suse.com/1250249"
},
{
"category": "self",
"summary": "SUSE Bug 1250251",
"url": "https://bugzilla.suse.com/1250251"
},
{
"category": "self",
"summary": "SUSE Bug 1250258",
"url": "https://bugzilla.suse.com/1250258"
},
{
"category": "self",
"summary": "SUSE Bug 1250262",
"url": "https://bugzilla.suse.com/1250262"
},
{
"category": "self",
"summary": "SUSE Bug 1250266",
"url": "https://bugzilla.suse.com/1250266"
},
{
"category": "self",
"summary": "SUSE Bug 1250267",
"url": "https://bugzilla.suse.com/1250267"
},
{
"category": "self",
"summary": "SUSE Bug 1250268",
"url": "https://bugzilla.suse.com/1250268"
},
{
"category": "self",
"summary": "SUSE Bug 1250275",
"url": "https://bugzilla.suse.com/1250275"
},
{
"category": "self",
"summary": "SUSE Bug 1250276",
"url": "https://bugzilla.suse.com/1250276"
},
{
"category": "self",
"summary": "SUSE Bug 1250281",
"url": "https://bugzilla.suse.com/1250281"
},
{
"category": "self",
"summary": "SUSE Bug 1250291",
"url": "https://bugzilla.suse.com/1250291"
},
{
"category": "self",
"summary": "SUSE Bug 1250292",
"url": "https://bugzilla.suse.com/1250292"
},
{
"category": "self",
"summary": "SUSE Bug 1250294",
"url": "https://bugzilla.suse.com/1250294"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250297",
"url": "https://bugzilla.suse.com/1250297"
},
{
"category": "self",
"summary": "SUSE Bug 1250298",
"url": "https://bugzilla.suse.com/1250298"
},
{
"category": "self",
"summary": "SUSE Bug 1250334",
"url": "https://bugzilla.suse.com/1250334"
},
{
"category": "self",
"summary": "SUSE Bug 1250344",
"url": "https://bugzilla.suse.com/1250344"
},
{
"category": "self",
"summary": "SUSE Bug 1250365",
"url": "https://bugzilla.suse.com/1250365"
},
{
"category": "self",
"summary": "SUSE Bug 1250371",
"url": "https://bugzilla.suse.com/1250371"
},
{
"category": "self",
"summary": "SUSE Bug 1250377",
"url": "https://bugzilla.suse.com/1250377"
},
{
"category": "self",
"summary": "SUSE Bug 1250386",
"url": "https://bugzilla.suse.com/1250386"
},
{
"category": "self",
"summary": "SUSE Bug 1250389",
"url": "https://bugzilla.suse.com/1250389"
},
{
"category": "self",
"summary": "SUSE Bug 1250398",
"url": "https://bugzilla.suse.com/1250398"
},
{
"category": "self",
"summary": "SUSE Bug 1250402",
"url": "https://bugzilla.suse.com/1250402"
},
{
"category": "self",
"summary": "SUSE Bug 1250406",
"url": "https://bugzilla.suse.com/1250406"
},
{
"category": "self",
"summary": "SUSE Bug 1250407",
"url": "https://bugzilla.suse.com/1250407"
},
{
"category": "self",
"summary": "SUSE Bug 1250408",
"url": "https://bugzilla.suse.com/1250408"
},
{
"category": "self",
"summary": "SUSE Bug 1250450",
"url": "https://bugzilla.suse.com/1250450"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250522",
"url": "https://bugzilla.suse.com/1250522"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250655",
"url": "https://bugzilla.suse.com/1250655"
},
{
"category": "self",
"summary": "SUSE Bug 1250671",
"url": "https://bugzilla.suse.com/1250671"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250711",
"url": "https://bugzilla.suse.com/1250711"
},
{
"category": "self",
"summary": "SUSE Bug 1250712",
"url": "https://bugzilla.suse.com/1250712"
},
{
"category": "self",
"summary": "SUSE Bug 1250713",
"url": "https://bugzilla.suse.com/1250713"
},
{
"category": "self",
"summary": "SUSE Bug 1250716",
"url": "https://bugzilla.suse.com/1250716"
},
{
"category": "self",
"summary": "SUSE Bug 1250719",
"url": "https://bugzilla.suse.com/1250719"
},
{
"category": "self",
"summary": "SUSE Bug 1250722",
"url": "https://bugzilla.suse.com/1250722"
},
{
"category": "self",
"summary": "SUSE Bug 1250729",
"url": "https://bugzilla.suse.com/1250729"
},
{
"category": "self",
"summary": "SUSE Bug 1250736",
"url": "https://bugzilla.suse.com/1250736"
},
{
"category": "self",
"summary": "SUSE Bug 1250737",
"url": "https://bugzilla.suse.com/1250737"
},
{
"category": "self",
"summary": "SUSE Bug 1250739",
"url": "https://bugzilla.suse.com/1250739"
},
{
"category": "self",
"summary": "SUSE Bug 1250741",
"url": "https://bugzilla.suse.com/1250741"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250758",
"url": "https://bugzilla.suse.com/1250758"
},
{
"category": "self",
"summary": "SUSE Bug 1250952",
"url": "https://bugzilla.suse.com/1250952"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251135",
"url": "https://bugzilla.suse.com/1251135"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251186",
"url": "https://bugzilla.suse.com/1251186"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1252084",
"url": "https://bugzilla.suse.com/1252084"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53164 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57891 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57951 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57952 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58090 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22077 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23141 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37849 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38006 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38038 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38075 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38089 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38091 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38095 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38098 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38099 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38101 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38103 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38106 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38107 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38108 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38109 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38111 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38112 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38113 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38114 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38117 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38118 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38120 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38122 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38124 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38127 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38128 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38134 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38137 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38141 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38142 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38143 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38146 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38149 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38151 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38153 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38154 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38161 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38165 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38168 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38169 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38170 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38172 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38173 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38174 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38182 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38184 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38193 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38198 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38201 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38205 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38208 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38209 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38211 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38213 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38214 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38216 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38217 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38222 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38224 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38225 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38226 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38227 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38228 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38229 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38232 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38233 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38234 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38242 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38245 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38246 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38249 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38251 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38253 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38255 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38256 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38259 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38263 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38265 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38267 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38267/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38268 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38270 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38272 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38273 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38274 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38275 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38278 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38287 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38288 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38292 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38299 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38299/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38301 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38302 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38303 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38304 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38305 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38306 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38306/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38307 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38311 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38313 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38315 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38317 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38319 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38322 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38326 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38335 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38336 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38338 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38339 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38341 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38342 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38343 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38344 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38348 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38350 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38351 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38352 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38353 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38355 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38356 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38359 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38360 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38361 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38362 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38363 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38365 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38368 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38369 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38371 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38372 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38372/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38373 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38374 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38374/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38376 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38377 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38380 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38381 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38382 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38383 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38384 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38385 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38386 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38387 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38389 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38390 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38391 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38392 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38393 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38395 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38397 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38399 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38400 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38401 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38402 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38403 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38404 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38405 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38406 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38408 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38409 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38410 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38412 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38413 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38414 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38417 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38424 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38425 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38426 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38427 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38428 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38429 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38430 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38438 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38439 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38440 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38441 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38443 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38444 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38444/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38445 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38446 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38446/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38448 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38449 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38450 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38451 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38453 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38453/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38454 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38455 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38455/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38456 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38456/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38457 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38458 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38459 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38460 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38461 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38462 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38463 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38464 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38466 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38470 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38472 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38473 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38474 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38475 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38475/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38476 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38477 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38478 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38480 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38481 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38482 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38483 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38484 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38484/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38485 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38487 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38489 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38490 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38491 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38493 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38496 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38497 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38500 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38503 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38508 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38514 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38524 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38524/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38526 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38526/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38527 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38528 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38528/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38531 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38533 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38544 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38545 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38546 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38549 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38553 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38554 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38555 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38556 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38557 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38559 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38560 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38563 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38564 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38564/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38568 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38571 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38572 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38573 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38574 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38576 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38581 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38582 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38583 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38584 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38585 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38586 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38587 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38588 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38591 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38591/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38593 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38595 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38597 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38601 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38602 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38604 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38605 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38608 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38609 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38610 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38612 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38612/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38616 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38619 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38621 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38622 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38623 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38624 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38628 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38630 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38632 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38634 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38643 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38643/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38646 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38648 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38656 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38658 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38660 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38662 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38679 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38685 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38686 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38691 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38694 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38695 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38709 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38710 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38717 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38721 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38722 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39677 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39679 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39682 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39685 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39686 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39691 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39694 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39695 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39698 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39707 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39709 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39710 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39712 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39713 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39721 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39722 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39746 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39747 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39748 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39751 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39757 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39758 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39770 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39783 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39787 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39788 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39792 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39800 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39801 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39807 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39808 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39811 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39816 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39824 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39826 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39836 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39839 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39842 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39845 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39849 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39852 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39853 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39854 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39860 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39875 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39882 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39884 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39896 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39898 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39899 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39900 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39907 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39909 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39922 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39925 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39926 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-38264 page",
"url": "https://www.suse.com/security/cve/CVE-2026-38264/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-25T07:34:57Z",
"generator": {
"date": "2025-11-25T07:34:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21074-1",
"initial_release_date": "2025-11-25T07:34:57Z",
"revision_history": [
{
"date": "2025-11-25T07:34:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-64kb-6.12.0-160000.6.1.aarch64",
"product": {
"name": "kernel-64kb-6.12.0-160000.6.1.aarch64",
"product_id": "kernel-64kb-6.12.0-160000.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"product": {
"name": "kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"product_id": "kernel-64kb-devel-6.12.0-160000.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.6.1.aarch64",
"product": {
"name": "kernel-default-6.12.0-160000.6.1.aarch64",
"product_id": "kernel-default-6.12.0-160000.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"product": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"product_id": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.6.1.aarch64",
"product": {
"name": "kernel-default-devel-6.12.0-160000.6.1.aarch64",
"product_id": "kernel-default-devel-6.12.0-160000.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.6.1.aarch64",
"product": {
"name": "kernel-default-extra-6.12.0-160000.6.1.aarch64",
"product_id": "kernel-default-extra-6.12.0-160000.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.12.0-160000.6.1.aarch64",
"product": {
"name": "kernel-rt-6.12.0-160000.6.1.aarch64",
"product_id": "kernel-rt-6.12.0-160000.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"product": {
"name": "kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"product_id": "kernel-rt-devel-6.12.0-160000.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.12.0-160000.6.1.noarch",
"product": {
"name": "kernel-devel-6.12.0-160000.6.1.noarch",
"product_id": "kernel-devel-6.12.0-160000.6.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.12.0-160000.6.1.noarch",
"product": {
"name": "kernel-macros-6.12.0-160000.6.1.noarch",
"product_id": "kernel-macros-6.12.0-160000.6.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.12.0-160000.6.1.noarch",
"product": {
"name": "kernel-source-6.12.0-160000.6.1.noarch",
"product_id": "kernel-source-6.12.0-160000.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.6.1.ppc64le",
"product": {
"name": "kernel-default-6.12.0-160000.6.1.ppc64le",
"product_id": "kernel-default-6.12.0-160000.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"product": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"product_id": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"product": {
"name": "kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"product_id": "kernel-default-devel-6.12.0-160000.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"product": {
"name": "kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"product_id": "kernel-default-extra-6.12.0-160000.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"product": {
"name": "kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"product_id": "kernel-default-livepatch-6.12.0-160000.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.6.1.s390x",
"product": {
"name": "kernel-default-6.12.0-160000.6.1.s390x",
"product_id": "kernel-default-6.12.0-160000.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.6.1.s390x",
"product": {
"name": "kernel-default-devel-6.12.0-160000.6.1.s390x",
"product_id": "kernel-default-devel-6.12.0-160000.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.6.1.s390x",
"product": {
"name": "kernel-default-extra-6.12.0-160000.6.1.s390x",
"product_id": "kernel-default-extra-6.12.0-160000.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"product_id": "kernel-default-livepatch-6.12.0-160000.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.6.1.x86_64",
"product": {
"name": "kernel-default-6.12.0-160000.6.1.x86_64",
"product_id": "kernel-default-6.12.0-160000.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"product": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"product_id": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.6.1.x86_64",
"product": {
"name": "kernel-default-devel-6.12.0-160000.6.1.x86_64",
"product_id": "kernel-default-devel-6.12.0-160000.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.6.1.x86_64",
"product": {
"name": "kernel-default-extra-6.12.0-160000.6.1.x86_64",
"product_id": "kernel-default-extra-6.12.0-160000.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"product_id": "kernel-default-livepatch-6.12.0-160000.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.12.0-160000.6.1.x86_64",
"product": {
"name": "kernel-rt-6.12.0-160000.6.1.x86_64",
"product_id": "kernel-rt-6.12.0-160000.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"product_id": "kernel-rt-devel-6.12.0-160000.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"product_id": "kernel-rt-livepatch-6.12.0-160000.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-6.12.0-160000.6.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64"
},
"product_reference": "kernel-64kb-6.12.0-160000.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-devel-6.12.0-160000.6.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64"
},
"product_reference": "kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.6.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64"
},
"product_reference": "kernel-default-6.12.0-160000.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.6.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le"
},
"product_reference": "kernel-default-6.12.0-160000.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.6.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x"
},
"product_reference": "kernel-default-6.12.0-160000.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.6.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64"
},
"product_reference": "kernel-default-6.12.0-160000.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64"
},
"product_reference": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le"
},
"product_reference": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64"
},
"product_reference": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.6.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64"
},
"product_reference": "kernel-default-devel-6.12.0-160000.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.6.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le"
},
"product_reference": "kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.6.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x"
},
"product_reference": "kernel-default-devel-6.12.0-160000.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.6.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64"
},
"product_reference": "kernel-default-devel-6.12.0-160000.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.6.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64"
},
"product_reference": "kernel-default-extra-6.12.0-160000.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.6.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le"
},
"product_reference": "kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.6.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x"
},
"product_reference": "kernel-default-extra-6.12.0-160000.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.6.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64"
},
"product_reference": "kernel-default-extra-6.12.0-160000.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.12.0-160000.6.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le"
},
"product_reference": "kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.12.0-160000.6.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.12.0-160000.6.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.12.0-160000.6.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch"
},
"product_reference": "kernel-devel-6.12.0-160000.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.12.0-160000.6.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch"
},
"product_reference": "kernel-macros-6.12.0-160000.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.12.0-160000.6.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64"
},
"product_reference": "kernel-rt-6.12.0-160000.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.12.0-160000.6.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64"
},
"product_reference": "kernel-rt-6.12.0-160000.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.12.0-160000.6.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64"
},
"product_reference": "kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.12.0-160000.6.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.12.0-160000.6.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.12.0-160000.6.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
},
"product_reference": "kernel-source-6.12.0-160000.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53164"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ordering of qlen adjustment\n\nChanges to sch-\u003eq.qlen around qdisc_tree_reduce_backlog() need to happen\n_before_ a call to said function because otherwise it may fail to notify\nparent qdiscs when the child is about to become empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53164",
"url": "https://www.suse.com/security/cve/CVE-2024-53164"
},
{
"category": "external",
"summary": "SUSE Bug 1234863 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1234863"
},
{
"category": "external",
"summary": "SUSE Bug 1246019 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1246019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2024-53164"
},
{
"cve": "CVE-2024-57891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Fix invalid irq restore in scx_ops_bypass()\n\nWhile adding outer irqsave/restore locking, 0e7ffff1b811 (\"scx: Fix raciness\nin scx_ops_bypass()\") forgot to convert an inner rq_unlock_irqrestore() to\nrq_unlock() which could re-enable IRQ prematurely leading to the following\nwarning:\n\n raw_local_irq_restore() called with IRQs enabled\n WARNING: CPU: 1 PID: 96 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40\n ...\n Sched_ext: create_dsq (enabling)\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : warn_bogus_irq_restore+0x30/0x40\n lr : warn_bogus_irq_restore+0x30/0x40\n ...\n Call trace:\n warn_bogus_irq_restore+0x30/0x40 (P)\n warn_bogus_irq_restore+0x30/0x40 (L)\n scx_ops_bypass+0x224/0x3b8\n scx_ops_enable.isra.0+0x2c8/0xaa8\n bpf_scx_reg+0x18/0x30\n ...\n irq event stamp: 33739\n hardirqs last enabled at (33739): [\u003cffff8000800b699c\u003e] scx_ops_bypass+0x174/0x3b8\n hardirqs last disabled at (33738): [\u003cffff800080d48ad4\u003e] _raw_spin_lock_irqsave+0xb4/0xd8\n\nDrop the stray _irqrestore().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57891",
"url": "https://www.suse.com/security/cve/CVE-2024-57891"
},
{
"category": "external",
"summary": "SUSE Bug 1235953 for CVE-2024-57891",
"url": "https://bugzilla.suse.com/1235953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2024-57891"
},
{
"cve": "CVE-2024-57951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57951"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhrtimers: Handle CPU state correctly on hotplug\n\nConsider a scenario where a CPU transitions from CPUHP_ONLINE to halfway\nthrough a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to\nCPUHP_ONLINE:\n\nSince hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set\nto 1 throughout. However, during a CPU unplug operation, the tick and the\nclockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online\nstate, for instance CFS incorrectly assumes that the hrtick is already\nactive, and the chance of the clockevent device to transition to oneshot\nmode is also lost forever for the CPU, unless it goes back to a lower state\nthan CPUHP_HRTIMERS_PREPARE once.\n\nThis round-trip reveals another issue; cpu_base.online is not set to 1\nafter the transition, which appears as a WARN_ON_ONCE in enqueue_hrtimer().\n\nAside of that, the bulk of the per CPU state is not reset either, which\nmeans there are dangling pointers in the worst case.\n\nAddress this by adding a corresponding startup() callback, which resets the\nstale per CPU state and sets the online flag.\n\n[ tglx: Make the new callback unconditionally available, remove the online\n \tmodification in the prepare() callback and clear the remaining\n \tstate in the starting callback instead of the prepare callback ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57951",
"url": "https://www.suse.com/security/cve/CVE-2024-57951"
},
{
"category": "external",
"summary": "SUSE Bug 1237108 for CVE-2024-57951",
"url": "https://bugzilla.suse.com/1237108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2024-57951"
},
{
"cve": "CVE-2024-57952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"libfs: fix infinite directory reads for offset dir\"\n\nThe current directory offset allocator (based on mtree_alloc_cyclic)\nstores the next offset value to return in octx-\u003enext_offset. This\nmechanism typically returns values that increase monotonically over\ntime. Eventually, though, the newly allocated offset value wraps\nback to a low number (say, 2) which is smaller than other already-\nallocated offset values.\n\nYu Kuai \u003cyukuai3@huawei.com\u003e reports that, after commit 64a7ce76fb90\n(\"libfs: fix infinite directory reads for offset dir\"), if a\ndirectory\u0027s offset allocator wraps, existing entries are no longer\nvisible via readdir/getdents because offset_readdir() stops listing\nentries once an entry\u0027s offset is larger than octx-\u003enext_offset.\nThese entries vanish persistently -- they can be looked up, but will\nnever again appear in readdir(3) output.\n\nThe reason for this is that the commit treats directory offsets as\nmonotonically increasing integer values rather than opaque cookies,\nand introduces this comparison:\n\n\tif (dentry2offset(dentry) \u003e= last_index) {\n\nOn 64-bit platforms, the directory offset value upper bound is\n2^63 - 1. Directory offsets will monotonically increase for millions\nof years without wrapping.\n\nOn 32-bit platforms, however, LONG_MAX is 2^31 - 1. The allocator\ncan wrap after only a few weeks (at worst).\n\nRevert commit 64a7ce76fb90 (\"libfs: fix infinite directory reads for\noffset dir\") to prepare for a fix that can work properly on 32-bit\nsystems and might apply to recent LTS kernels where shmem employs\nthe simple_offset mechanism.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57952",
"url": "https://www.suse.com/security/cve/CVE-2024-57952"
},
{
"category": "external",
"summary": "SUSE Bug 1237131 for CVE-2024-57952",
"url": "https://bugzilla.suse.com/1237131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2024-57952"
},
{
"cve": "CVE-2024-58090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Prevent rescheduling when interrupts are disabled\n\nDavid reported a warning observed while loop testing kexec jump:\n\n Interrupts enabled after irqrouter_resume+0x0/0x50\n WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220\n kernel_kexec+0xf6/0x180\n __do_sys_reboot+0x206/0x250\n do_syscall_64+0x95/0x180\n\nThe corresponding interrupt flag trace:\n\n hardirqs last enabled at (15573): [\u003cffffffffa8281b8e\u003e] __up_console_sem+0x7e/0x90\n hardirqs last disabled at (15580): [\u003cffffffffa8281b73\u003e] __up_console_sem+0x63/0x90\n\nThat means __up_console_sem() was invoked with interrupts enabled. Further\ninstrumentation revealed that in the interrupt disabled section of kexec\njump one of the syscore_suspend() callbacks woke up a task, which set the\nNEED_RESCHED flag. A later callback in the resume path invoked\ncond_resched() which in turn led to the invocation of the scheduler:\n\n __cond_resched+0x21/0x60\n down_timeout+0x18/0x60\n acpi_os_wait_semaphore+0x4c/0x80\n acpi_ut_acquire_mutex+0x3d/0x100\n acpi_ns_get_node+0x27/0x60\n acpi_ns_evaluate+0x1cb/0x2d0\n acpi_rs_set_srs_method_data+0x156/0x190\n acpi_pci_link_set+0x11c/0x290\n irqrouter_resume+0x54/0x60\n syscore_resume+0x6a/0x200\n kernel_kexec+0x145/0x1c0\n __do_sys_reboot+0xeb/0x240\n do_syscall_64+0x95/0x180\n\nThis is a long standing problem, which probably got more visible with\nthe recent printk changes. Something does a task wakeup and the\nscheduler sets the NEED_RESCHED flag. cond_resched() sees it set and\ninvokes schedule() from a completely bogus context. The scheduler\nenables interrupts after context switching, which causes the above\nwarning at the end.\n\nQuite some of the code paths in syscore_suspend()/resume() can result in\ntriggering a wakeup with the exactly same consequences. They might not\nhave done so yet, but as they share a lot of code with normal operations\nit\u0027s just a question of time.\n\nThe problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling\nmodels. Full preemption is not affected as cond_resched() is disabled and\nthe preemption check preemptible() takes the interrupt disabled flag into\naccount.\n\nCure the problem by adding a corresponding check into cond_resched().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58090",
"url": "https://www.suse.com/security/cve/CVE-2024-58090"
},
{
"category": "external",
"summary": "SUSE Bug 1240324 for CVE-2024-58090",
"url": "https://bugzilla.suse.com/1240324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2024-58090"
},
{
"cve": "CVE-2025-22034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs\n\nPatch series \"mm: fixes for device-exclusive entries (hmm)\", v2.\n\nDiscussing the PageTail() call in make_device_exclusive_range() with\nWilly, I recently discovered [1] that device-exclusive handling does not\nproperly work with THP, making the hmm-tests selftests fail if THPs are\nenabled on the system.\n\nLooking into more details, I found that hugetlb is not properly fenced,\nand I realized that something that was bugging me for longer -- how\ndevice-exclusive entries interact with mapcounts -- completely breaks\nmigration/swapout/split/hwpoison handling of these folios while they have\ndevice-exclusive PTEs.\n\nThe program below can be used to allocate 1 GiB worth of pages and making\nthem device-exclusive on a kernel with CONFIG_TEST_HMM.\n\nOnce they are device-exclusive, these folios cannot get swapped out\n(proc$pid/smaps_rollup will always indicate 1 GiB RSS no matter how much\none forces memory reclaim), and when having a memory block onlined to\nZONE_MOVABLE, trying to offline it will loop forever and complain about\nfailed migration of a page that should be movable.\n\n# echo offline \u003e /sys/devices/system/memory/memory136/state\n# echo online_movable \u003e /sys/devices/system/memory/memory136/state\n# ./hmm-swap \u0026\n... wait until everything is device-exclusive\n# echo offline \u003e /sys/devices/system/memory/memory136/state\n[ 285.193431][T14882] page: refcount:2 mapcount:0 mapping:0000000000000000\n index:0x7f20671f7 pfn:0x442b6a\n[ 285.196618][T14882] memcg:ffff888179298000\n[ 285.198085][T14882] anon flags: 0x5fff0000002091c(referenced|uptodate|\n dirty|active|owner_2|swapbacked|node=1|zone=3|lastcpupid=0x7ff)\n[ 285.201734][T14882] raw: ...\n[ 285.204464][T14882] raw: ...\n[ 285.207196][T14882] page dumped because: migration failure\n[ 285.209072][T14882] page_owner tracks the page as allocated\n[ 285.210915][T14882] page last allocated via order 0, migratetype\n Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO),\n id 14926, tgid 14926 (hmm-swap), ts 254506295376, free_ts 227402023774\n[ 285.216765][T14882] post_alloc_hook+0x197/0x1b0\n[ 285.218874][T14882] get_page_from_freelist+0x76e/0x3280\n[ 285.220864][T14882] __alloc_frozen_pages_noprof+0x38e/0x2740\n[ 285.223302][T14882] alloc_pages_mpol+0x1fc/0x540\n[ 285.225130][T14882] folio_alloc_mpol_noprof+0x36/0x340\n[ 285.227222][T14882] vma_alloc_folio_noprof+0xee/0x1a0\n[ 285.229074][T14882] __handle_mm_fault+0x2b38/0x56a0\n[ 285.230822][T14882] handle_mm_fault+0x368/0x9f0\n...\n\nThis series fixes all issues I found so far. There is no easy way to fix\nwithout a bigger rework/cleanup. I have a bunch of cleanups on top (some\nprevious sent, some the result of the discussion in v1) that I will send\nout separately once this landed and I get to it.\n\nI wish we could just use some special present PROT_NONE PTEs instead of\nthese (non-present, non-none) fake-swap entries; but that just results in\nthe same problem we keep having (lack of spare PTE bits), and staring at\nother similar fake-swap entries, that ship has sailed.\n\nWith this series, make_device_exclusive() doesn\u0027t actually belong into\nmm/rmap.c anymore, but I\u0027ll leave moving that for another day.\n\nI only tested this series with the hmm-tests selftests due to lack of HW,\nso I\u0027d appreciate some testing, especially if the interaction between two\nGPUs wanting a device-exclusive entry works as expected.\n\n\u003cprogram\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003cstring.h\u003e\n#include \u003csys/mman.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003clinux/types.h\u003e\n#include \u003clinux/ioctl.h\u003e\n\n#define HMM_DMIRROR_EXCLUSIVE _IOWR(\u0027H\u0027, 0x05, struct hmm_dmirror_cmd)\n\nstruct hmm_dmirror_cmd {\n\t__u64 addr;\n\t__u64 ptr;\n\t__u64 npages;\n\t__u64 cpages;\n\t__u64 faults;\n};\n\nconst size_t size = 1 * 1024 * 1024 * 1024ul;\nconst size_t chunk_size = 2 * 1024 * 1024ul;\n\nint m\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22034",
"url": "https://www.suse.com/security/cve/CVE-2025-22034"
},
{
"category": "external",
"summary": "SUSE Bug 1241435 for CVE-2025-22034",
"url": "https://bugzilla.suse.com/1241435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-22034"
},
{
"cve": "CVE-2025-22077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"smb: client: fix TCP timers deadlock after rmmod\"\n\nThis reverts commit e9f2517a3e18a54a3943c098d2226b245d488801.\n\nCommit e9f2517a3e18 (\"smb: client: fix TCP timers deadlock after\nrmmod\") is intended to fix a null-ptr-deref in LOCKDEP, which is\nmentioned as CVE-2024-54680, but is actually did not fix anything;\nThe issue can be reproduced on top of it. [0]\n\nAlso, it reverted the change by commit ef7134c7fc48 (\"smb: client:\nFix use-after-free of network namespace.\") and introduced a real\nissue by reviving the kernel TCP socket.\n\nWhen a reconnect happens for a CIFS connection, the socket state\ntransitions to FIN_WAIT_1. Then, inet_csk_clear_xmit_timers_sync()\nin tcp_close() stops all timers for the socket.\n\nIf an incoming FIN packet is lost, the socket will stay at FIN_WAIT_1\nforever, and such sockets could be leaked up to net.ipv4.tcp_max_orphans.\n\nUsually, FIN can be retransmitted by the peer, but if the peer aborts\nthe connection, the issue comes into reality.\n\nI warned about this privately by pointing out the exact report [1],\nbut the bogus fix was finally merged.\n\nSo, we should not stop the timers to finally kill the connection on\nour side in that case, meaning we must not use a kernel socket for\nTCP whose sk-\u003esk_net_refcnt is 0.\n\nThe kernel socket does not have a reference to its netns to make it\npossible to tear down netns without cleaning up every resource in it.\n\nFor example, tunnel devices use a UDP socket internally, but we can\ndestroy netns without removing such devices and let it complete\nduring exit. Otherwise, netns would be leaked when the last application\ndied.\n\nHowever, this is problematic for TCP sockets because TCP has timers to\nclose the connection gracefully even after the socket is close()d. The\nlifetime of the socket and its netns is different from the lifetime of\nthe underlying connection.\n\nIf the socket user does not maintain the netns lifetime, the timer could\nbe fired after the socket is close()d and its netns is freed up, resulting\nin use-after-free.\n\nActually, we have seen so many similar issues and converted such sockets\nto have a reference to netns.\n\nThat\u0027s why I converted the CIFS client socket to have a reference to\nnetns (sk-\u003esk_net_refcnt == 1), which is somehow mentioned as out-of-scope\nof CIFS and technically wrong in e9f2517a3e18, but **is in-scope and right\nfix**.\n\nRegarding the LOCKDEP issue, we can prevent the module unload by\nbumping the module refcount when switching the LOCKDDEP key in\nsock_lock_init_class_and_name(). [2]\n\nFor a while, let\u0027s revert the bogus fix.\n\nNote that now we can use sk_net_refcnt_upgrade() for the socket\nconversion, but I\u0027ll do so later separately to make backport easy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22077",
"url": "https://www.suse.com/security/cve/CVE-2025-22077"
},
{
"category": "external",
"summary": "SUSE Bug 1241403 for CVE-2025-22077",
"url": "https://bugzilla.suse.com/1241403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-22077"
},
{
"cve": "CVE-2025-23141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses\n\nAcquire a lock on kvm-\u003esrcu when userspace is getting MP state to handle a\nrather extreme edge case where \"accepting\" APIC events, i.e. processing\npending INIT or SIPI, can trigger accesses to guest memory. If the vCPU\nis in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP\nstate will trigger a nested VM-Exit by way of -\u003echeck_nested_events(), and\nemuating the nested VM-Exit can access guest memory.\n\nThe splat was originally hit by syzkaller on a Google-internal kernel, and\nreproduced on an upstream kernel by hacking the triple_fault_event_test\nselftest to stuff a pending INIT, store an MSR on VM-Exit (to generate a\nmemory access on VMX), and do vcpu_mp_state_get() to trigger the scenario.\n\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3-b112d356288b-vmx/pi_lockdep_false_pos-lock #3 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1058 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by triple_fault_ev/1256:\n #0: ffff88810df5a330 (\u0026vcpu-\u003emutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x8b/0x9a0 [kvm]\n\n stack backtrace:\n CPU: 11 UID: 1000 PID: 1256 Comm: triple_fault_ev Not tainted 6.14.0-rc3-b112d356288b-vmx #3\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7f/0x90\n lockdep_rcu_suspicious+0x144/0x190\n kvm_vcpu_gfn_to_memslot+0x156/0x180 [kvm]\n kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n read_and_check_msr_entry+0x2e/0x180 [kvm_intel]\n __nested_vmx_vmexit+0x550/0xde0 [kvm_intel]\n kvm_check_nested_events+0x1b/0x30 [kvm]\n kvm_apic_accept_events+0x33/0x100 [kvm]\n kvm_arch_vcpu_ioctl_get_mpstate+0x30/0x1d0 [kvm]\n kvm_vcpu_ioctl+0x33e/0x9a0 [kvm]\n __x64_sys_ioctl+0x8b/0xb0\n do_syscall_64+0x6c/0x170\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23141",
"url": "https://www.suse.com/security/cve/CVE-2025-23141"
},
{
"category": "external",
"summary": "SUSE Bug 1242782 for CVE-2025-23141",
"url": "https://bugzilla.suse.com/1242782"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-23141"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-37821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/eevdf: Fix se-\u003eslice being set to U64_MAX and resulting crash\n\nThere is a code path in dequeue_entities() that can set the slice of a\nsched_entity to U64_MAX, which sometimes results in a crash.\n\nThe offending case is when dequeue_entities() is called to dequeue a\ndelayed group entity, and then the entity\u0027s parent\u0027s dequeue is delayed.\nIn that case:\n\n1. In the if (entity_is_task(se)) else block at the beginning of\n dequeue_entities(), slice is set to\n cfs_rq_min_slice(group_cfs_rq(se)). If the entity was delayed, then\n it has no queued tasks, so cfs_rq_min_slice() returns U64_MAX.\n2. The first for_each_sched_entity() loop dequeues the entity.\n3. If the entity was its parent\u0027s only child, then the next iteration\n tries to dequeue the parent.\n4. If the parent\u0027s dequeue needs to be delayed, then it breaks from the\n first for_each_sched_entity() loop _without updating slice_.\n5. The second for_each_sched_entity() loop sets the parent\u0027s -\u003eslice to\n the saved slice, which is still U64_MAX.\n\nThis throws off subsequent calculations with potentially catastrophic\nresults. A manifestation we saw in production was:\n\n6. In update_entity_lag(), se-\u003eslice is used to calculate limit, which\n ends up as a huge negative number.\n7. limit is used in se-\u003evlag = clamp(vlag, -limit, limit). Because limit\n is negative, vlag \u003e limit, so se-\u003evlag is set to the same huge\n negative number.\n8. In place_entity(), se-\u003evlag is scaled, which overflows and results in\n another huge (positive or negative) number.\n9. The adjusted lag is subtracted from se-\u003evruntime, which increases or\n decreases se-\u003evruntime by a huge number.\n10. pick_eevdf() calls entity_eligible()/vruntime_eligible(), which\n incorrectly returns false because the vruntime is so far from the\n other vruntimes on the queue, causing the\n (vruntime - cfs_rq-\u003emin_vruntime) * load calulation to overflow.\n11. Nothing appears to be eligible, so pick_eevdf() returns NULL.\n12. pick_next_entity() tries to dereference the return value of\n pick_eevdf() and crashes.\n\nDumping the cfs_rq states from the core dumps with drgn showed tell-tale\nhuge vruntime ranges and bogus vlag values, and I also traced se-\u003eslice\nbeing set to U64_MAX on live systems (which was usually \"benign\" since\nthe rest of the runqueue needed to be in a particular state to crash).\n\nFix it in dequeue_entities() by always setting slice from the first\nnon-empty cfs_rq.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37821",
"url": "https://www.suse.com/security/cve/CVE-2025-37821"
},
{
"category": "external",
"summary": "SUSE Bug 1242864 for CVE-2025-37821",
"url": "https://bugzilla.suse.com/1242864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-37821"
},
{
"cve": "CVE-2025-37849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Tear down vGIC on failed vCPU creation\n\nIf kvm_arch_vcpu_create() fails to share the vCPU page with the\nhypervisor, we propagate the error back to the ioctl but leave the\nvGIC vCPU data initialised. Note only does this leak the corresponding\nmemory when the vCPU is destroyed but it can also lead to use-after-free\nif the redistributor device handling tries to walk into the vCPU.\n\nAdd the missing cleanup to kvm_arch_vcpu_create(), ensuring that the\nvGIC vCPU structures are destroyed on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37849",
"url": "https://www.suse.com/security/cve/CVE-2025-37849"
},
{
"category": "external",
"summary": "SUSE Bug 1243000 for CVE-2025-37849",
"url": "https://bugzilla.suse.com/1243000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-37849"
},
{
"cve": "CVE-2025-37856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: harden block_group::bg_list against list_del() races\n\nAs far as I can tell, these calls of list_del_init() on bg_list cannot\nrun concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),\nas they are in transaction error paths and situations where the block\ngroup is readonly.\n\nHowever, if there is any chance at all of racing with mark_bg_unused(),\nor a different future user of bg_list, better to be safe than sorry.\n\nOtherwise we risk the following interleaving (bg_list refcount in parens)\n\nT1 (some random op) T2 (btrfs_mark_bg_unused)\n !list_empty(\u0026bg-\u003ebg_list); (1)\nlist_del_init(\u0026bg-\u003ebg_list); (1)\n list_move_tail (1)\nbtrfs_put_block_group (0)\n btrfs_delete_unused_bgs\n bg = list_first_entry\n list_del_init(\u0026bg-\u003ebg_list);\n btrfs_put_block_group(bg); (-1)\n\nUltimately, this results in a broken ref count that hits zero one deref\nearly and the real final deref underflows the refcount, resulting in a WARNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37856",
"url": "https://www.suse.com/security/cve/CVE-2025-37856"
},
{
"category": "external",
"summary": "SUSE Bug 1243068 for CVE-2025-37856",
"url": "https://bugzilla.suse.com/1243068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-37856"
},
{
"cve": "CVE-2025-37861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue\n\nWhen the task management thread processes reply queues while the reset\nthread resets them, the task management thread accesses an invalid queue ID\n(0xFFFF), set by the reset thread, which points to unallocated memory,\ncausing a crash.\n\nAdd flag \u0027io_admin_reset_sync\u0027 to synchronize access between the reset,\nI/O, and admin threads. Before a reset, the reset handler sets this flag to\nblock I/O and admin processing threads. If any thread bypasses the initial\ncheck, the reset thread waits up to 10 seconds for processing to finish. If\nthe wait exceeds 10 seconds, the controller is marked as unrecoverable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37861",
"url": "https://www.suse.com/security/cve/CVE-2025-37861"
},
{
"category": "external",
"summary": "SUSE Bug 1243055 for CVE-2025-37861",
"url": "https://bugzilla.suse.com/1243055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-37861"
},
{
"cve": "CVE-2025-37864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: clean up FDB, MDB, VLAN entries on unbind\n\nAs explained in many places such as commit b117e1e8a86d (\"net: dsa:\ndelete dsa_legacy_fdb_add and dsa_legacy_fdb_del\"), DSA is written given\nthe assumption that higher layers have balanced additions/deletions.\nAs such, it only makes sense to be extremely vocal when those\nassumptions are violated and the driver unbinds with entries still\npresent.\n\nBut Ido Schimmel points out a very simple situation where that is wrong:\nhttps://lore.kernel.org/netdev/ZDazSM5UsPPjQuKr@shredder/\n(also briefly discussed by me in the aforementioned commit).\n\nBasically, while the bridge bypass operations are not something that DSA\nexplicitly documents, and for the majority of DSA drivers this API\nsimply causes them to go to promiscuous mode, that isn\u0027t the case for\nall drivers. Some have the necessary requirements for bridge bypass\noperations to do something useful - see dsa_switch_supports_uc_filtering().\n\nAlthough in tools/testing/selftests/net/forwarding/local_termination.sh,\nwe made an effort to popularize better mechanisms to manage address\nfilters on DSA interfaces from user space - namely macvlan for unicast,\nand setsockopt(IP_ADD_MEMBERSHIP) - through mtools - for multicast, the\nfact is that \u0027bridge fdb add ... self static local\u0027 also exists as\nkernel UAPI, and might be useful to someone, even if only for a quick\nhack.\n\nIt seems counter-productive to block that path by implementing shim\n.ndo_fdb_add and .ndo_fdb_del operations which just return -EOPNOTSUPP\nin order to prevent the ndo_dflt_fdb_add() and ndo_dflt_fdb_del() from\nrunning, although we could do that.\n\nAccepting that cleanup is necessary seems to be the only option.\nEspecially since we appear to be coming back at this from a different\nangle as well. Russell King is noticing that the WARN_ON() triggers even\nfor VLANs:\nhttps://lore.kernel.org/netdev/Z_li8Bj8bD4-BYKQ@shell.armlinux.org.uk/\n\nWhat happens in the bug report above is that dsa_port_do_vlan_del() fails,\nthen the VLAN entry lingers on, and then we warn on unbind and leak it.\n\nThis is not a straight revert of the blamed commit, but we now add an\ninformational print to the kernel log (to still have a way to see\nthat bugs exist), and some extra comments gathered from past years\u0027\nexperience, to justify the logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37864",
"url": "https://www.suse.com/security/cve/CVE-2025-37864"
},
{
"category": "external",
"summary": "SUSE Bug 1242965 for CVE-2025-37864",
"url": "https://bugzilla.suse.com/1242965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-37864"
},
{
"cve": "CVE-2025-38006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Don\u0027t access ifa_index when missing\n\nIn mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but\nonly when the struct ifaddrmsg is provided. Otherwise it will be\ncomparing to uninitialised memory - reproducible in the syzkaller case from\ndhcpd, or busybox \"ip addr show\".\n\nThe kernel MCTP implementation has always filtered by ifa_index, so\nexisting userspace programs expecting to dump MCTP addresses must\nalready be passing a valid ifa_index value (either 0 or a real index).\n\nBUG: KMSAN: uninit-value in mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824\n netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38006",
"url": "https://www.suse.com/security/cve/CVE-2025-38006"
},
{
"category": "external",
"summary": "SUSE Bug 1244930 for CVE-2025-38006",
"url": "https://bugzilla.suse.com/1244930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38006"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices\n\nThe driver only offloads neighbors that are constructed on top of net\ndevices registered by it or their uppers (which are all Ethernet). The\ndevice supports GRE encapsulation and decapsulation of forwarded\ntraffic, but the driver will not offload dummy neighbors constructed on\ntop of GRE net devices as they are not uppers of its net devices:\n\n # ip link add name gre1 up type gre tos inherit local 192.0.2.1 remote 198.51.100.1\n # ip neigh add 0.0.0.0 lladdr 0.0.0.0 nud noarp dev gre1\n $ ip neigh show dev gre1 nud noarp\n 0.0.0.0 lladdr 0.0.0.0 NOARP\n\n(Note that the neighbor is not marked with \u0027offload\u0027)\n\nWhen the driver is reloaded and the existing configuration is replayed,\nthe driver does not perform the same check regarding existing neighbors\nand offloads the previously added one:\n\n # devlink dev reload pci/0000:01:00.0\n $ ip neigh show dev gre1 nud noarp\n 0.0.0.0 lladdr 0.0.0.0 offload NOARP\n\nIf the neighbor is later deleted, the driver will ignore the\nnotification (given the GRE net device is not its upper) and will\ntherefore keep referencing freed memory, resulting in a use-after-free\n[1] when the net device is deleted:\n\n # ip neigh del 0.0.0.0 lladdr 0.0.0.0 dev gre1\n # ip link del dev gre1\n\nFix by skipping neighbor replay if the net device for which the replay\nis performed is not our upper.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_neigh_entry_update+0x1ea/0x200\nRead of size 8 at addr ffff888155b0e420 by task ip/2282\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6f/0xa0\n print_address_description.constprop.0+0x6f/0x350\n print_report+0x108/0x205\n kasan_report+0xdf/0x110\n mlxsw_sp_neigh_entry_update+0x1ea/0x200\n mlxsw_sp_router_rif_gone_sync+0x2a8/0x440\n mlxsw_sp_rif_destroy+0x1e9/0x750\n mlxsw_sp_netdevice_ipip_ol_event+0x3c9/0xdc0\n mlxsw_sp_router_netdevice_event+0x3ac/0x15e0\n notifier_call_chain+0xca/0x150\n call_netdevice_notifiers_info+0x7f/0x100\n unregister_netdevice_many_notify+0xc8c/0x1d90\n rtnl_dellink+0x34e/0xa50\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x131/0x360\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n __sys_sendmsg+0x121/0x1b0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38019",
"url": "https://www.suse.com/security/cve/CVE-2025-38019"
},
{
"category": "external",
"summary": "SUSE Bug 1245000 for CVE-2025-38019",
"url": "https://bugzilla.suse.com/1245000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38019"
},
{
"cve": "CVE-2025-38034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 \u003e /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 \u003c49\u003e 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38034",
"url": "https://www.suse.com/security/cve/CVE-2025-38034"
},
{
"category": "external",
"summary": "SUSE Bug 1244792 for CVE-2025-38034",
"url": "https://bugzilla.suse.com/1244792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38034"
},
{
"cve": "CVE-2025-38038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost\n\nset_boost is a per-policy function call, hence a driver wide lock is\nunnecessary. Also this mutex_acquire can collide with the mutex_acquire\nfrom the mode-switch path in status_store(), which can lead to a\ndeadlock. So, remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38038",
"url": "https://www.suse.com/security/cve/CVE-2025-38038"
},
{
"category": "external",
"summary": "SUSE Bug 1244812 for CVE-2025-38038",
"url": "https://bugzilla.suse.com/1244812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38038"
},
{
"cve": "CVE-2025-38052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n Call Trace:\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n crypto_request_complete include/crypto/algapi.h:266\n aead_request_complete include/crypto/internal/aead.h:85\n cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n crypto_request_complete include/crypto/algapi.h:266\n cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n Allocated by task 8355:\n kzalloc_noprof include/linux/slab.h:778\n tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n ops_init+0xb9/0x650 net/core/net_namespace.c:139\n setup_net+0x435/0xb40 net/core/net_namespace.c:343\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n ksys_unshare+0x419/0x970 kernel/fork.c:3323\n __do_sys_unshare kernel/fork.c:3394\n\n Freed by task 63:\n kfree+0x12a/0x3b0 mm/slub.c:4557\n tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n ip netns add ns1\n ip link add veth1 type veth peer name veth2\n ip link set veth1 netns ns1\n ip netns exec ns1 tipc bearer enable media eth dev veth1\n ip netns exec ns1 tipc node set key this_is_a_master_key master\n ip netns exec ns1 tipc bearer disable media eth dev veth1\n ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n tipc_disc_timeout\n tipc_bearer_xmit_skb\n tipc_crypto_xmit\n tipc_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n simd_aead_encrypt\n // crypto_simd_usable() is false\n child = \u0026ctx-\u003ecryptd_tfm-\u003ebase;\n\n simd_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n cryptd_aead_encrypt_enqueue\n cryptd_aead_enqueue\n cryptd_enqueue_request\n // trigger cryptd_queue_worker\n queue_work_on(smp_processor_id(), cryptd_wq, \u0026cpu_queue-\u003ework)\n\nFix this by holding net reference count before encrypt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38052",
"url": "https://www.suse.com/security/cve/CVE-2025-38052"
},
{
"category": "external",
"summary": "SUSE Bug 1244749 for CVE-2025-38052",
"url": "https://bugzilla.suse.com/1244749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38052"
},
{
"cve": "CVE-2025-38058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn\u0027t see\nthat it\u0027s safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it\u0027ll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it\u0027s nowhere near common enough to bother\nwith.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38058",
"url": "https://www.suse.com/security/cve/CVE-2025-38058"
},
{
"category": "external",
"summary": "SUSE Bug 1245151 for CVE-2025-38058",
"url": "https://bugzilla.suse.com/1245151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38058"
},
{
"cve": "CVE-2025-38062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38062",
"url": "https://www.suse.com/security/cve/CVE-2025-38062"
},
{
"category": "external",
"summary": "SUSE Bug 1245216 for CVE-2025-38062",
"url": "https://bugzilla.suse.com/1245216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38062"
},
{
"cve": "CVE-2025-38075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix timeout on deleted connection\n\nNOPIN response timer may expire on a deleted connection and crash with\nsuch logs:\n\nDid not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d\n\nBUG: Kernel NULL pointer dereference on read at 0x00000000\nNIP strlcpy+0x8/0xb0\nLR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod]\nCall Trace:\n iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod]\n call_timer_fn+0x58/0x1f0\n run_timer_softirq+0x740/0x860\n __do_softirq+0x16c/0x420\n irq_exit+0x188/0x1c0\n timer_interrupt+0x184/0x410\n\nThat is because nopin response timer may be re-started on nopin timer\nexpiration.\n\nStop nopin timer before stopping the nopin response timer to be sure\nthat no one of them will be re-started.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38075",
"url": "https://www.suse.com/security/cve/CVE-2025-38075"
},
{
"category": "external",
"summary": "SUSE Bug 1244734 for CVE-2025-38075",
"url": "https://bugzilla.suse.com/1244734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38075"
},
{
"cve": "CVE-2025-38087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix use-after-free in taprio_dev_notifier\n\nSince taprio\u0027s taprio_dev_notifier() isn\u0027t protected by an\nRCU read-side critical section, a race with advance_sched()\ncan lead to a use-after-free.\n\nAdding rcu_read_lock() inside taprio_dev_notifier() prevents this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38087",
"url": "https://www.suse.com/security/cve/CVE-2025-38087"
},
{
"category": "external",
"summary": "SUSE Bug 1245504 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "external",
"summary": "SUSE Bug 1245505 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38087"
},
{
"cve": "CVE-2025-38088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap\n\nmemtrace mmap issue has an out of bounds issue. This patch fixes the by\nchecking that the requested mapping region size should stay within the\nallocated region size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38088",
"url": "https://www.suse.com/security/cve/CVE-2025-38088"
},
{
"category": "external",
"summary": "SUSE Bug 1245506 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "external",
"summary": "SUSE Bug 1245507 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38088"
},
{
"cve": "CVE-2025-38089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38089",
"url": "https://www.suse.com/security/cve/CVE-2025-38089"
},
{
"category": "external",
"summary": "SUSE Bug 1245508 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "external",
"summary": "SUSE Bug 1245509 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38089"
},
{
"cve": "CVE-2025-38090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\n\nIn\n\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n -\u003e cm_chan_msg_send()\n -\u003e riocm_ch_send()\n\ncm_chan_msg_send() checks that userspace didn\u0027t send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data. The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\n\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38090",
"url": "https://www.suse.com/security/cve/CVE-2025-38090"
},
{
"category": "external",
"summary": "SUSE Bug 1245510 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "external",
"summary": "SUSE Bug 1245511 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38090"
},
{
"cve": "CVE-2025-38091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: check stream id dml21 wrapper to get plane_id\n\n[Why \u0026 How]\nFix a false positive warning which occurs due to lack of correct checks\nwhen querying plane_id in DML21. This fixes the warning when performing a\nmode1 reset (cat /sys/kernel/debug/dri/1/amdgpu_gpu_recover):\n\n[ 35.751250] WARNING: CPU: 11 PID: 326 at /tmp/amd.PHpyAl7v/amd/amdgpu/../display/dc/dml2/dml2_dc_resource_mgmt.c:91 dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751434] Modules linked in: amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) amddrm_buddy(OE) amdxcp(OE) amddrm_exec(OE) amd_sched(OE) amdkcl(OE) drm_suballoc_helper drm_ttm_helper ttm drm_display_helper cec rc_core i2c_algo_bit rfcomm qrtr cmac algif_hash algif_skcipher af_alg bnep amd_atl intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi snd_hda_intel edac_mce_amd snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec kvm_amd snd_hda_core snd_hwdep snd_pcm kvm snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul polyval_clmulni polyval_generic btusb ghash_clmulni_intel sha256_ssse3 btrtl sha1_ssse3 snd_seq btintel aesni_intel btbcm btmtk snd_seq_device crypto_simd sunrpc cryptd bluetooth snd_timer ccp binfmt_misc rapl snd i2c_piix4 wmi_bmof gigabyte_wmi k10temp i2c_smbus soundcore gpio_amdpt mac_hid sch_fq_codel msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_generic usbhid hid crc32_pclmul igc ahci xhci_pci libahci xhci_pci_renesas video wmi\n[ 35.751501] CPU: 11 UID: 0 PID: 326 Comm: kworker/u64:9 Tainted: G OE 6.11.0-21-generic #21~24.04.1-Ubuntu\n[ 35.751504] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[ 35.751505] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F30 05/22/2024\n[ 35.751506] Workqueue: amdgpu-reset-dev amdgpu_debugfs_reset_work [amdgpu]\n[ 35.751638] RIP: 0010:dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751794] Code: 6d 0c 00 00 8b 84 24 88 00 00 00 41 3b 44 9c 20 0f 84 fc 07 00 00 48 83 c3 01 48 83 fb 06 75 b3 4c 8b 64 24 68 4c 8b 6c 24 40 \u003c0f\u003e 0b b8 06 00 00 00 49 8b 94 24 a0 49 00 00 89 c3 83 f8 07 0f 87\n[ 35.751796] RSP: 0018:ffffbfa3805d7680 EFLAGS: 00010246\n[ 35.751798] RAX: 0000000000010000 RBX: 0000000000000006 RCX: 0000000000000000\n[ 35.751799] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000\n[ 35.751800] RBP: ffffbfa3805d78f0 R08: 0000000000000000 R09: 0000000000000000\n[ 35.751801] R10: 0000000000000000 R11: 0000000000000000 R12: ffffbfa383249000\n[ 35.751802] R13: ffffa0e68f280000 R14: ffffbfa383249658 R15: 0000000000000000\n[ 35.751803] FS: 0000000000000000(0000) GS:ffffa0edbe580000(0000) knlGS:0000000000000000\n[ 35.751804] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 35.751805] CR2: 00005d847ef96c58 CR3: 000000041de3e000 CR4: 0000000000f50ef0\n[ 35.751806] PKRU: 55555554\n[ 35.751807] Call Trace:\n[ 35.751810] \u003cTASK\u003e\n[ 35.751816] ? show_regs+0x6c/0x80\n[ 35.751820] ? __warn+0x88/0x140\n[ 35.751822] ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751964] ? report_bug+0x182/0x1b0\n[ 35.751969] ? handle_bug+0x6e/0xb0\n[ 35.751972] ? exc_invalid_op+0x18/0x80\n[ 35.751974] ? asm_exc_invalid_op+0x1b/0x20\n[ 35.751978] ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.752117] ? math_pow+0x48/0xa0 [amdgpu]\n[ 35.752256] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752260] ? math_pow+0x48/0xa0 [amdgpu]\n[ 35.752400] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752403] ? math_pow+0x11/0xa0 [amdgpu]\n[ 35.752524] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752526] ? core_dcn4_mode_programming+0xe4d/0x20d0 [amdgpu]\n[ 35.752663] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752669] dml21_validate+0x3d4/0x980 [amdgpu]\n\n(cherry picked from commit f8ad62c0a93e5dd94243e10f1b742232e4d6411e)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38091",
"url": "https://www.suse.com/security/cve/CVE-2025-38091"
},
{
"category": "external",
"summary": "SUSE Bug 1245621 for CVE-2025-38091",
"url": "https://bugzilla.suse.com/1245621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38091"
},
{
"cve": "CVE-2025-38095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38095",
"url": "https://www.suse.com/security/cve/CVE-2025-38095"
},
{
"category": "external",
"summary": "SUSE Bug 1245658 for CVE-2025-38095",
"url": "https://bugzilla.suse.com/1245658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38095"
},
{
"cve": "CVE-2025-38096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: don\u0027t warn when if there is a FW error\n\niwl_trans_reclaim is warning if it is called when the FW is not alive.\nBut if it is called when there is a pending restart, i.e. after a FW\nerror, there is no need to warn, instead - return silently.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38096",
"url": "https://www.suse.com/security/cve/CVE-2025-38096"
},
{
"category": "external",
"summary": "SUSE Bug 1245657 for CVE-2025-38096",
"url": "https://bugzilla.suse.com/1245657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38096"
},
{
"cve": "CVE-2025-38098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don\u0027t treat wb connector as physical in create_validate_stream_for_sink\n\nDon\u0027t try to operate on a drm_wb_connector as an amdgpu_dm_connector.\nWhile dereferencing aconnector-\u003ebase will \"work\" it\u0027s wrong and\nmight lead to unknown bad things. Just... don\u0027t.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38098",
"url": "https://www.suse.com/security/cve/CVE-2025-38098"
},
{
"category": "external",
"summary": "SUSE Bug 1245654 for CVE-2025-38098",
"url": "https://bugzilla.suse.com/1245654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38098"
},
{
"cve": "CVE-2025-38099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken\n\nA SCO connection without the proper voice_setting can cause\nthe controller to lock up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38099",
"url": "https://www.suse.com/security/cve/CVE-2025-38099"
},
{
"category": "external",
"summary": "SUSE Bug 1245671 for CVE-2025-38099",
"url": "https://bugzilla.suse.com/1245671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38099"
},
{
"cve": "CVE-2025-38101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set()\n\nEnlarge the critical section in ring_buffer_subbuf_order_set() to\nensure that error handling takes place with per-buffer mutex held,\nthus preventing list corruption and other concurrency-related issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38101",
"url": "https://www.suse.com/security/cve/CVE-2025-38101"
},
{
"category": "external",
"summary": "SUSE Bug 1245659 for CVE-2025-38101",
"url": "https://bugzilla.suse.com/1245659"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38101"
},
{
"cve": "CVE-2025-38102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\n\nDuring our test, it is found that a warning can be trigger in try_grab_folio\nas follow:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130\n Modules linked in:\n CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef)\n RIP: 0010:try_grab_folio+0x106/0x130\n Call Trace:\n \u003cTASK\u003e\n follow_huge_pmd+0x240/0x8e0\n follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0\n follow_pud_mask.constprop.0.isra.0+0x14a/0x170\n follow_page_mask+0x1c2/0x1f0\n __get_user_pages+0x176/0x950\n __gup_longterm_locked+0x15b/0x1060\n ? gup_fast+0x120/0x1f0\n gup_fast_fallback+0x17e/0x230\n get_user_pages_fast+0x5f/0x80\n vmci_host_unlocked_ioctl+0x21c/0xf80\n RIP: 0033:0x54d2cd\n ---[ end trace 0000000000000000 ]---\n\nDigging into the source, context-\u003enotify_page may init by get_user_pages_fast\nand can be seen in vmci_ctx_unset_notify which will try to put_page. However\nget_user_pages_fast is not finished here and lead to following\ntry_grab_folio warning. The race condition is shown as follow:\n\ncpu0\t\t\tcpu1\nvmci_host_do_set_notify\nvmci_host_setup_notify\nget_user_pages_fast(uva, 1, FOLL_WRITE, \u0026context-\u003enotify_page);\nlockless_pages_from_mm\ngup_pgd_range\ngup_huge_pmd // update \u0026context-\u003enotify_page\n\t\t\tvmci_host_do_set_notify\n\t\t\tvmci_ctx_unset_notify\n\t\t\tnotify_page = context-\u003enotify_page;\n\t\t\tif (notify_page)\n\t\t\tput_page(notify_page);\t// page is freed\n__gup_longterm_locked\n__get_user_pages\nfollow_trans_huge_pmd\ntry_grab_folio // warn here\n\nTo slove this, use local variable page to make notify_page can be seen\nafter finish get_user_pages_fast.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38102",
"url": "https://www.suse.com/security/cve/CVE-2025-38102"
},
{
"category": "external",
"summary": "SUSE Bug 1245669 for CVE-2025-38102",
"url": "https://bugzilla.suse.com/1245669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38102"
},
{
"cve": "CVE-2025-38103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\n\nUpdate struct hid_descriptor to better reflect the mandatory and\noptional parts of the HID Descriptor as per USB HID 1.11 specification.\nNote: the kernel currently does not parse any optional HID class\ndescriptors, only the mandatory report descriptor.\n\nUpdate all references to member element desc[0] to rpt_desc.\n\nAdd test to verify bLength and bNumDescriptors values are valid.\n\nReplace the for loop with direct access to the mandatory HID class\ndescriptor member for the report descriptor. This eliminates the\npossibility of getting an out-of-bounds fault.\n\nAdd a warning message if the HID descriptor contains any unsupported\noptional HID class descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38103",
"url": "https://www.suse.com/security/cve/CVE-2025-38103"
},
{
"category": "external",
"summary": "SUSE Bug 1245663 for CVE-2025-38103",
"url": "https://bugzilla.suse.com/1245663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38103"
},
{
"cve": "CVE-2025-38106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix use-after-free of sq-\u003ethread in __io_uring_show_fdinfo()\n\nsyzbot reports:\n\nBUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60\nRead of size 8 at addr ffff88810de2d2c8 by task a.out/304\n\nCPU: 0 UID: 0 PID: 304 Comm: a.out Not tainted 6.16.0-rc1 #1 PREEMPT(voluntary)\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xd0/0x670\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? getrusage+0x1109/0x1a60\n kasan_report+0xce/0x100\n ? getrusage+0x1109/0x1a60\n getrusage+0x1109/0x1a60\n ? __pfx_getrusage+0x10/0x10\n __io_uring_show_fdinfo+0x9fe/0x1790\n ? ksys_read+0xf7/0x1c0\n ? do_syscall_64+0xa4/0x260\n ? vsnprintf+0x591/0x1100\n ? __pfx___io_uring_show_fdinfo+0x10/0x10\n ? __pfx_vsnprintf+0x10/0x10\n ? mutex_trylock+0xcf/0x130\n ? __pfx_mutex_trylock+0x10/0x10\n ? __pfx_show_fd_locks+0x10/0x10\n ? io_uring_show_fdinfo+0x57/0x80\n io_uring_show_fdinfo+0x57/0x80\n seq_show+0x38c/0x690\n seq_read_iter+0x3f7/0x1180\n ? inode_set_ctime_current+0x160/0x4b0\n seq_read+0x271/0x3e0\n ? __pfx_seq_read+0x10/0x10\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __mark_inode_dirty+0x402/0x810\n ? selinux_file_permission+0x368/0x500\n ? file_update_time+0x10f/0x160\n vfs_read+0x177/0xa40\n ? __pfx___handle_mm_fault+0x10/0x10\n ? __pfx_vfs_read+0x10/0x10\n ? mutex_lock+0x81/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n ? fdget_pos+0x24d/0x4b0\n ksys_read+0xf7/0x1c0\n ? __pfx_ksys_read+0x10/0x10\n ? do_user_addr_fault+0x43b/0x9c0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f0f74170fc9\nCode: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 8\nRSP: 002b:00007fffece049e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0f74170fc9\nRDX: 0000000000001000 RSI: 00007fffece049f0 RDI: 0000000000000004\nRBP: 00007fffece05ad0 R08: 0000000000000000 R09: 00007fffece04d90\nR10: 0000000000000000 R11: 0000000000000206 R12: 00005651720a1100\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 298:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_node_noprof+0xe8/0x330\n copy_process+0x376/0x5e00\n create_io_thread+0xab/0xf0\n io_sq_offload_create+0x9ed/0xf20\n io_uring_setup+0x12b0/0x1cc0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 22:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0xc4/0x360\n rcu_core+0x5ff/0x19f0\n handle_softirqs+0x18c/0x530\n run_ksoftirqd+0x20/0x30\n smpboot_thread_fn+0x287/0x6c0\n kthread+0x30d/0x630\n ret_from_fork+0xef/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n kasan_record_aux_stack+0x8c/0xa0\n __call_rcu_common.constprop.0+0x68/0x940\n __schedule+0xff2/0x2930\n __cond_resched+0x4c/0x80\n mutex_lock+0x5c/0xe0\n io_uring_del_tctx_node+0xe1/0x2b0\n io_uring_clean_tctx+0xb7/0x160\n io_uring_cancel_generic+0x34e/0x760\n do_exit+0x240/0x2350\n do_group_exit+0xab/0x220\n __x64_sys_exit_group+0x39/0x40\n x64_sys_call+0x1243/0x1840\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe buggy address belongs to the object at ffff88810de2cb00\n which belongs to the cache task_struct of size 3712\nThe buggy address is located 1992 bytes inside of\n freed 3712-byte region [ffff88810de2cb00, ffff88810de2d980)\n\nwhich is caused by the task_struct pointed to by sq-\u003ethread being\nreleased while it is being used in the function\n__io_uring_show_fdinfo(). Holding ctx-\u003euring_lock does not prevent ehre\nrelase or exit of sq-\u003ethread.\n\nFix this by assigning and looking up -\u003ethread under RCU, and grabbing a\nreference to the task_struct. This e\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38106",
"url": "https://www.suse.com/security/cve/CVE-2025-38106"
},
{
"category": "external",
"summary": "SUSE Bug 1245664 for CVE-2025-38106",
"url": "https://bugzilla.suse.com/1245664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38106"
},
{
"cve": "CVE-2025-38107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38107",
"url": "https://www.suse.com/security/cve/CVE-2025-38107"
},
{
"category": "external",
"summary": "SUSE Bug 1245676 for CVE-2025-38107",
"url": "https://bugzilla.suse.com/1245676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38107"
},
{
"cve": "CVE-2025-38108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: red: fix a race in __red_change()\n\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38108",
"url": "https://www.suse.com/security/cve/CVE-2025-38108"
},
{
"category": "external",
"summary": "SUSE Bug 1245675 for CVE-2025-38108",
"url": "https://bugzilla.suse.com/1245675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38108"
},
{
"cve": "CVE-2025-38109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38109",
"url": "https://www.suse.com/security/cve/CVE-2025-38109"
},
{
"category": "external",
"summary": "SUSE Bug 1245684 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "external",
"summary": "SUSE Bug 1245685 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38109"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via mdiobus, there is no verification of\nparameters passed to the ioctl and it accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38111",
"url": "https://www.suse.com/security/cve/CVE-2025-38111"
},
{
"category": "external",
"summary": "SUSE Bug 1245666 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "external",
"summary": "SUSE Bug 1249455 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1249455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38111"
},
{
"cve": "CVE-2025-38112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix TOCTOU issue in sk_is_readable()\n\nsk-\u003esk_prot-\u003esock_is_readable is a valid function pointer when sk resides\nin a sockmap. After the last sk_psock_put() (which usually happens when\nsocket is removed from sockmap), sk-\u003esk_prot gets restored and\nsk-\u003esk_prot-\u003esock_is_readable becomes NULL.\n\nThis makes sk_is_readable() racy, if the value of sk-\u003esk_prot is reloaded\nafter the initial check. Which in turn may lead to a null pointer\ndereference.\n\nEnsure the function pointer does not turn NULL after the check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38112",
"url": "https://www.suse.com/security/cve/CVE-2025-38112"
},
{
"category": "external",
"summary": "SUSE Bug 1245668 for CVE-2025-38112",
"url": "https://bugzilla.suse.com/1245668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38112"
},
{
"cve": "CVE-2025-38113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Fix NULL pointer dereference when nosmp is used\n\nWith nosmp in cmdline, other CPUs are not brought up, leaving\ntheir cpc_desc_ptr NULL. CPU0\u0027s iteration via for_each_possible_cpu()\ndereferences these NULL pointers, causing panic.\n\nPanic backtrace:\n\n[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8\n...\n[ 0.403255] [\u003cffffffff809a5818\u003e] cppc_allow_fast_switch+0x6a/0xd4\n...\nKernel panic - not syncing: Attempted to kill init!\n\n[ rjw: New subject ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38113",
"url": "https://www.suse.com/security/cve/CVE-2025-38113"
},
{
"category": "external",
"summary": "SUSE Bug 1245683 for CVE-2025-38113",
"url": "https://bugzilla.suse.com/1245683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38113"
},
{
"cve": "CVE-2025-38114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000: Move cancel_work_sync to avoid deadlock\n\nPreviously, e1000_down called cancel_work_sync for the e1000 reset task\n(via e1000_down_and_stop), which takes RTNL.\n\nAs reported by users and syzbot, a deadlock is possible in the following\nscenario:\n\nCPU 0:\n - RTNL is held\n - e1000_close\n - e1000_down\n - cancel_work_sync (cancel / wait for e1000_reset_task())\n\nCPU 1:\n - process_one_work\n - e1000_reset_task\n - take RTNL\n\nTo remedy this, avoid calling cancel_work_sync from e1000_down\n(e1000_reset_task does nothing if the device is down anyway). Instead,\ncall cancel_work_sync for e1000_reset_task when the device is being\nremoved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38114",
"url": "https://www.suse.com/security/cve/CVE-2025-38114"
},
{
"category": "external",
"summary": "SUSE Bug 1245686 for CVE-2025-38114",
"url": "https://bugzilla.suse.com/1245686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38114"
},
{
"cve": "CVE-2025-38117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38117",
"url": "https://www.suse.com/security/cve/CVE-2025-38117"
},
{
"category": "external",
"summary": "SUSE Bug 1245695 for CVE-2025-38117",
"url": "https://bugzilla.suse.com/1245695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38117"
},
{
"cve": "CVE-2025-38118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete\n\nThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to\navoid crashes like bellow:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\nRead of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341\n\nCPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\n hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 5987:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252\n mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279\n remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x548/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5989:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2380 [inline]\n slab_free mm/slub.c:4642 [inline]\n kfree+0x18e/0x440 mm/slub.c:4841\n mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242\n mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314\n __sys_bind_socket net/socket.c:1810 [inline]\n __sys_bind+0x2c3/0x3e0 net/socket.c:1841\n __do_sys_bind net/socket.c:1846 [inline]\n __se_sys_bind net/socket.c:1844 [inline]\n __x64_sys_bind+0x7a/0x90 net/socket.c:1844\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38118",
"url": "https://www.suse.com/security/cve/CVE-2025-38118"
},
{
"category": "external",
"summary": "SUSE Bug 1245670 for CVE-2025-38118",
"url": "https://bugzilla.suse.com/1245670"
},
{
"category": "external",
"summary": "SUSE Bug 1250826 for CVE-2025-38118",
"url": "https://bugzilla.suse.com/1250826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38118"
},
{
"cve": "CVE-2025-38119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38119"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: ufs: Fix a hang in the error handler\n\nufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter\nfunction can only succeed if UFSHCD_EH_IN_PROGRESS is not set because\nresuming involves submitting a SCSI command and ufshcd_queuecommand()\nreturns SCSI_MLQUEUE_HOST_BUSY if UFSHCD_EH_IN_PROGRESS is set. Fix this\nhang by setting UFSHCD_EH_IN_PROGRESS after ufshcd_rpm_get_sync() has\nbeen called instead of before.\n\nBacktrace:\n__switch_to+0x174/0x338\n__schedule+0x600/0x9e4\nschedule+0x7c/0xe8\nschedule_timeout+0xa4/0x1c8\nio_schedule_timeout+0x48/0x70\nwait_for_common_io+0xa8/0x160 //waiting on START_STOP\nwait_for_completion_io_timeout+0x10/0x20\nblk_execute_rq+0xe4/0x1e4\nscsi_execute_cmd+0x108/0x244\nufshcd_set_dev_pwr_mode+0xe8/0x250\n__ufshcd_wl_resume+0x94/0x354\nufshcd_wl_runtime_resume+0x3c/0x174\nscsi_runtime_resume+0x64/0xa4\nrpm_resume+0x15c/0xa1c\n__pm_runtime_resume+0x4c/0x90 // Runtime resume ongoing\nufshcd_err_handler+0x1a0/0xd08\nprocess_one_work+0x174/0x808\nworker_thread+0x15c/0x490\nkthread+0xf4/0x1ec\nret_from_fork+0x10/0x20\n\n[ bvanassche: rewrote patch description ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38119",
"url": "https://www.suse.com/security/cve/CVE-2025-38119"
},
{
"category": "external",
"summary": "SUSE Bug 1245700 for CVE-2025-38119",
"url": "https://bugzilla.suse.com/1245700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38119"
},
{
"cve": "CVE-2025-38120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo_avx2: fix initial map fill\n\nIf the first field doesn\u0027t cover the entire start map, then we must zero\nout the remainder, else we leak those bits into the next match round map.\n\nThe early fix was incomplete and did only fix up the generic C\nimplementation.\n\nA followup patch adds a test case to nft_concat_range.sh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38120",
"url": "https://www.suse.com/security/cve/CVE-2025-38120"
},
{
"category": "external",
"summary": "SUSE Bug 1245711 for CVE-2025-38120",
"url": "https://bugzilla.suse.com/1245711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38120"
},
{
"cve": "CVE-2025-38122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38122",
"url": "https://www.suse.com/security/cve/CVE-2025-38122"
},
{
"category": "external",
"summary": "SUSE Bug 1245746 for CVE-2025-38122",
"url": "https://bugzilla.suse.com/1245746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38122"
},
{
"cve": "CVE-2025-38123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix napi rx poll issue\n\nWhen driver handles the napi rx polling requests, the netdev might\nhave been released by the dellink logic triggered by the disconnect\noperation on user plane. However, in the logic of processing skb in\npolling, an invalid netdev is still being used, which causes a panic.\n\nBUG: kernel NULL pointer dereference, address: 00000000000000f1\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:dev_gro_receive+0x3a/0x620\n[...]\nCall Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)]\n ? dev_gro_receive+0x3a/0x620\n napi_gro_receive+0xad/0x170\n t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)]\n t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)]\n net_rx_action+0x103/0x470\n irq_exit_rcu+0x13a/0x310\n sysvec_apic_timer_interrupt+0x56/0x90\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38123",
"url": "https://www.suse.com/security/cve/CVE-2025-38123"
},
{
"category": "external",
"summary": "SUSE Bug 1245688 for CVE-2025-38123",
"url": "https://bugzilla.suse.com/1245688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38123"
},
{
"cve": "CVE-2025-38124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix udp gso skb_segment after pull from frag_list\n\nCommit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after\npull from frag_list\") detected invalid geometry in frag_list skbs and\nredirects them from skb_segment_list to more robust skb_segment. But some\npackets with modified geometry can also hit bugs in that code. We don\u0027t\nknow how many such cases exist. Addressing each one by one also requires\ntouching the complex skb_segment code, which risks introducing bugs for\nother types of skbs. Instead, linearize all these packets that fail the\nbasic invariants on gso fraglist skbs. That is more robust.\n\nIf only part of the fraglist payload is pulled into head_skb, it will\nalways cause exception when splitting skbs by skb_segment. For detailed\ncall stack information, see below.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify fraglist skbs, breaking these invariants.\n\nIn extreme cases they pull one part of data into skb linear. For UDP,\nthis causes three payloads with lengths of (11,11,10) bytes were\npulled tail to become (12,10,10) bytes.\n\nThe skbs no longer meets the above SKB_GSO_FRAGLIST conditions because\npayload was pulled into head_skb, it needs to be linearized before pass\nto regular skb_segment.\n\n skb_segment+0xcd0/0xd14\n __udp_gso_segment+0x334/0x5f4\n udp4_ufo_fragment+0x118/0x15c\n inet_gso_segment+0x164/0x338\n skb_mac_gso_segment+0xc4/0x13c\n __skb_gso_segment+0xc4/0x124\n validate_xmit_skb+0x9c/0x2c0\n validate_xmit_skb_list+0x4c/0x80\n sch_direct_xmit+0x70/0x404\n __dev_queue_xmit+0x64c/0xe5c\n neigh_resolve_output+0x178/0x1c4\n ip_finish_output2+0x37c/0x47c\n __ip_finish_output+0x194/0x240\n ip_finish_output+0x20/0xf4\n ip_output+0x100/0x1a0\n NF_HOOK+0xc4/0x16c\n ip_forward+0x314/0x32c\n ip_rcv+0x90/0x118\n __netif_receive_skb+0x74/0x124\n process_backlog+0xe8/0x1a4\n __napi_poll+0x5c/0x1f8\n net_rx_action+0x154/0x314\n handle_softirqs+0x154/0x4b8\n\n [118.376811] [C201134] rxq0_pus: [name:bug\u0026]kernel BUG at net/core/skbuff.c:4278!\n [118.376829] [C201134] rxq0_pus: [name:traps\u0026]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n [118.470774] [C201134] rxq0_pus: [name:mrdump\u0026]Kernel Offset: 0x178cc00000 from 0xffffffc008000000\n [118.470810] [C201134] rxq0_pus: [name:mrdump\u0026]PHYS_OFFSET: 0x40000000\n [118.470827] [C201134] rxq0_pus: [name:mrdump\u0026]pstate: 60400005 (nZCv daif +PAN -UAO)\n [118.470848] [C201134] rxq0_pus: [name:mrdump\u0026]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14\n [118.470900] [C201134] rxq0_pus: [name:mrdump\u0026]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14\n [118.470928] [C201134] rxq0_pus: [name:mrdump\u0026]sp : ffffffc008013770",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38124",
"url": "https://www.suse.com/security/cve/CVE-2025-38124"
},
{
"category": "external",
"summary": "SUSE Bug 1245690 for CVE-2025-38124",
"url": "https://bugzilla.suse.com/1245690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38124"
},
{
"cve": "CVE-2025-38125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring EST\n\nIf the ptp_rate recorded earlier in the driver happens to be 0, this\nbogus value will propagate up to EST configuration, where it will\ntrigger a division by 0.\n\nPrevent this division by 0 by adding the corresponding check and error\ncode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38125",
"url": "https://www.suse.com/security/cve/CVE-2025-38125"
},
{
"category": "external",
"summary": "SUSE Bug 1245710 for CVE-2025-38125",
"url": "https://bugzilla.suse.com/1245710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38125"
},
{
"cve": "CVE-2025-38127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Tx scheduler error handling in XDP callback\n\nWhen the XDP program is loaded, the XDP callback adds new Tx queues.\nThis means that the callback must update the Tx scheduler with the new\nqueue number. In the event of a Tx scheduler failure, the XDP callback\nshould also fail and roll back any changes previously made for XDP\npreparation.\n\nThe previous implementation had a bug that not all changes made by the\nXDP callback were rolled back. This caused the crash with the following\ncall trace:\n\n[ +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5\n[ +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI\n[ +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary)\n[ +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[ +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice]\n\n[...]\n\n[ +0.002715] Call Trace:\n[ +0.002452] \u003cIRQ\u003e\n[ +0.002021] ? __die_body.cold+0x19/0x29\n[ +0.003922] ? die_addr+0x3c/0x60\n[ +0.003319] ? exc_general_protection+0x17c/0x400\n[ +0.004707] ? asm_exc_general_protection+0x26/0x30\n[ +0.004879] ? __ice_update_sample+0x39/0xe0 [ice]\n[ +0.004835] ice_napi_poll+0x665/0x680 [ice]\n[ +0.004320] __napi_poll+0x28/0x190\n[ +0.003500] net_rx_action+0x198/0x360\n[ +0.003752] ? update_rq_clock+0x39/0x220\n[ +0.004013] handle_softirqs+0xf1/0x340\n[ +0.003840] ? sched_clock_cpu+0xf/0x1f0\n[ +0.003925] __irq_exit_rcu+0xc2/0xe0\n[ +0.003665] common_interrupt+0x85/0xa0\n[ +0.003839] \u003c/IRQ\u003e\n[ +0.002098] \u003cTASK\u003e\n[ +0.002106] asm_common_interrupt+0x26/0x40\n[ +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690\n\nFix this by performing the missing unmapping of XDP queues from\nq_vectors and setting the XDP rings pointer back to NULL after all those\nqueues are released.\nAlso, add an immediate exit from the XDP callback in case of ring\npreparation failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38127",
"url": "https://www.suse.com/security/cve/CVE-2025-38127"
},
{
"category": "external",
"summary": "SUSE Bug 1245705 for CVE-2025-38127",
"url": "https://bugzilla.suse.com/1245705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38127"
},
{
"cve": "CVE-2025-38128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38128"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: reject malformed HCI_CMD_SYNC commands\n\nIn \u0027mgmt_hci_cmd_sync()\u0027, check whether the size of parameters passed\nin \u0027struct mgmt_cp_hci_cmd_sync\u0027 matches the total size of the data\n(i.e. \u0027sizeof(struct mgmt_cp_hci_cmd_sync)\u0027 plus trailing bytes).\nOtherwise, large invalid \u0027params_len\u0027 will cause \u0027hci_cmd_sync_alloc()\u0027\nto do \u0027skb_put_data()\u0027 from an area beyond the one actually passed to\n\u0027mgmt_hci_cmd_sync()\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38128",
"url": "https://www.suse.com/security/cve/CVE-2025-38128"
},
{
"category": "external",
"summary": "SUSE Bug 1245703 for CVE-2025-38128",
"url": "https://bugzilla.suse.com/1245703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38128"
},
{
"cve": "CVE-2025-38129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(\u0026r-\u003eproducer_lock);\n WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38129",
"url": "https://www.suse.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "SUSE Bug 1245723 for CVE-2025-38129",
"url": "https://bugzilla.suse.com/1245723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38129"
},
{
"cve": "CVE-2025-38134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink()\n\nAs demonstrated by the fix for update_port_device_state,\ncommit 12783c0b9e2c (\"usb: core: Prevent null pointer dereference in update_port_device_state\"),\nusb_hub_to_struct_hub() can return NULL in certain scenarios,\nsuch as during hub driver unbind or teardown race conditions,\neven if the underlying usb_device structure exists.\n\nPlus, all other places that call usb_hub_to_struct_hub() in the same file\ndo check for NULL return values.\n\nIf usb_hub_to_struct_hub() returns NULL, the subsequent access to\nhub-\u003eports[udev-\u003eportnum - 1] will cause a null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38134",
"url": "https://www.suse.com/security/cve/CVE-2025-38134"
},
{
"category": "external",
"summary": "SUSE Bug 1245678 for CVE-2025-38134",
"url": "https://bugzilla.suse.com/1245678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38134"
},
{
"cve": "CVE-2025-38135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\n\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38135",
"url": "https://www.suse.com/security/cve/CVE-2025-38135"
},
{
"category": "external",
"summary": "SUSE Bug 1246023 for CVE-2025-38135",
"url": "https://bugzilla.suse.com/1246023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38135"
},
{
"cve": "CVE-2025-38136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Reorder clock handling and power management in probe\n\nReorder the initialization sequence in `usbhs_probe()` to enable runtime\nPM before accessing registers, preventing potential crashes due to\nuninitialized clocks.\n\nCurrently, in the probe path, registers are accessed before enabling the\nclocks, leading to a synchronous external abort on the RZ/V2H SoC.\nThe problematic call flow is as follows:\n\n usbhs_probe()\n usbhs_sys_clock_ctrl()\n usbhs_bset()\n usbhs_write()\n iowrite16() \u003c-- Register access before enabling clocks\n\nSince `iowrite16()` is performed without ensuring the required clocks are\nenabled, this can lead to access errors. To fix this, enable PM runtime\nearly in the probe function and ensure clocks are acquired before register\naccess, preventing crashes like the following on RZ/V2H:\n\n[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\n[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6\n[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98\n[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)\n[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]\n[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]\n[13.321138] sp : ffff8000827e3850\n[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0\n[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025\n[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010\n[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff\n[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce\n[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 0000000000000000\n[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750\n[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c\n[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000\n[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080\n[13.395574] Call trace:\n[13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P)\n[13.403076] platform_probe+0x68/0xdc\n[13.406738] really_probe+0xbc/0x2c0\n[13.410306] __driver_probe_device+0x78/0x120\n[13.414653] driver_probe_device+0x3c/0x154\n[13.418825] __driver_attach+0x90/0x1a0\n[13.422647] bus_for_each_dev+0x7c/0xe0\n[13.426470] driver_attach+0x24/0x30\n[13.430032] bus_add_driver+0xe4/0x208\n[13.433766] driver_register+0x68/0x130\n[13.437587] __platform_driver_register+0x24/0x30\n[13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]\n[13.448450] do_one_initcall+0x60/0x1d4\n[13.452276] do_init_module+0x54/0x1f8\n[13.456014] load_module+0x1754/0x1c98\n[13.459750] init_module_from_file+0x88/0xcc\n[13.464004] __arm64_sys_finit_module+0x1c4/0x328\n[13.468689] invoke_syscall+0x48/0x104\n[13.472426] el0_svc_common.constprop.0+0xc0/0xe0\n[13.477113] do_el0_svc+0x1c/0x28\n[13.480415] el0_svc+0x30/0xcc\n[13.483460] el0t_64_sync_handler+0x10c/0x138\n[13.487800] el0t_64_sync+0x198/0x19c\n[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)\n[13.497522] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38136",
"url": "https://www.suse.com/security/cve/CVE-2025-38136"
},
{
"category": "external",
"summary": "SUSE Bug 1245691 for CVE-2025-38136",
"url": "https://bugzilla.suse.com/1245691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38136"
},
{
"cve": "CVE-2025-38137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38137"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/pwrctrl: Cancel outstanding rescan work when unregistering\n\nIt\u0027s possible to trigger use-after-free here by:\n\n (a) forcing rescan_work_func() to take a long time and\n (b) utilizing a pwrctrl driver that may be unloaded for some reason\n\nCancel outstanding work to ensure it is finished before we allow our data\nstructures to be cleaned up.\n\n[bhelgaas: tidy commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38137",
"url": "https://www.suse.com/security/cve/CVE-2025-38137"
},
{
"category": "external",
"summary": "SUSE Bug 1245721 for CVE-2025-38137",
"url": "https://bugzilla.suse.com/1245721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38137"
},
{
"cve": "CVE-2025-38138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Add NULL check in udma_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nudma_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38138",
"url": "https://www.suse.com/security/cve/CVE-2025-38138"
},
{
"category": "external",
"summary": "SUSE Bug 1245719 for CVE-2025-38138",
"url": "https://bugzilla.suse.com/1245719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38138"
},
{
"cve": "CVE-2025-38140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: limit swapping tables for devices with zone write plugs\n\ndm_revalidate_zones() only allowed new or previously unzoned devices to\ncall blk_revalidate_disk_zones(). If the device was already zoned,\ndisk-\u003enr_zones would always equal md-\u003enr_zones, so dm_revalidate_zones()\nreturned without doing any work. This would make the zoned settings for\nthe device not match the new table. If the device had zone write plug\nresources, it could run into errors like bdev_zone_is_seq() reading\ninvalid memory because disk-\u003econv_zones_bitmap was the wrong size.\n\nIf the device doesn\u0027t have any zone write plug resources, calling\nblk_revalidate_disk_zones() will always correctly update device. If\nblk_revalidate_disk_zones() fails, it can still overwrite or clear the\ncurrent disk-\u003enr_zones value. In this case, DM must restore the previous\nvalue of disk-\u003enr_zones, so that the zoned settings will continue to\nmatch the previous value that it fell back to.\n\nIf the device already has zone write plug resources,\nblk_revalidate_disk_zones() will not correctly update them, if it is\ncalled for arbitrary zoned device changes. Since there is not much need\nfor this ability, the easiest solution is to disallow any table reloads\nthat change the zoned settings, for devices that already have zone plug\nresources. Specifically, if a device already has zone plug resources\nallocated, it can only switch to another zoned table that also emulates\nzone append. Also, it cannot change the device size or the zone size. A\ndevice can switch to an error target.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38140",
"url": "https://www.suse.com/security/cve/CVE-2025-38140"
},
{
"category": "external",
"summary": "SUSE Bug 1245717 for CVE-2025-38140",
"url": "https://bugzilla.suse.com/1245717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38140"
},
{
"cve": "CVE-2025-38141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix dm_blk_report_zones\n\nIf dm_get_live_table() returned NULL, dm_put_live_table() was never\ncalled. Also, it is possible that md-\u003ezone_revalidate_map will change\nwhile calling this function. Only read it once, so that we are always\nusing the same value. Otherwise we might miss a call to\ndm_put_live_table().\n\nFinally, while md-\u003ezone_revalidate_map is set and a process is calling\nblk_revalidate_disk_zones() to set up the zone append emulation\nresources, it is possible that another process, perhaps triggered by\nblkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If\nblk_revalidate_disk_zones() fails, these resources can be freed while\nthe other process is still using them, causing a use-after-free error.\n\nblk_revalidate_disk_zones() will only ever be called when initially\nsetting up the zone append emulation resources, such as when setting up\na zoned dm-crypt table for the first time. Further table swaps will not\nset md-\u003ezone_revalidate_map or call blk_revalidate_disk_zones().\nHowever it must be called using the new table (referenced by\nmd-\u003ezone_revalidate_map) and the new queue limits while the DM device is\nsuspended. dm_blk_report_zones() needs some way to distinguish between a\ncall from blk_revalidate_disk_zones(), which must be allowed to use\nmd-\u003ezone_revalidate_map to access this not yet activated table, and all\nother calls to dm_blk_report_zones(), which should not be allowed while\nthe device is suspended and cannot use md-\u003ezone_revalidate_map, since\nthe zone resources might be freed by the process currently calling\nblk_revalidate_disk_zones().\n\nSolve this by tracking the process that sets md-\u003ezone_revalidate_map in\ndm_revalidate_zones() and only allowing that process to make use of it\nin dm_blk_report_zones().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38141",
"url": "https://www.suse.com/security/cve/CVE-2025-38141"
},
{
"category": "external",
"summary": "SUSE Bug 1245715 for CVE-2025-38141",
"url": "https://bugzilla.suse.com/1245715"
},
{
"category": "external",
"summary": "SUSE Bug 1245716 for CVE-2025-38141",
"url": "https://bugzilla.suse.com/1245716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38141"
},
{
"cve": "CVE-2025-38142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) check sensor index in read_string()\n\nPrevent a potential invalid memory access when the requested sensor\nis not found.\n\nfind_ec_sensor_index() may return a negative value (e.g. -ENOENT),\nbut its result was used without checking, which could lead to\nundefined behavior when passed to get_sensor_info().\n\nAdd a proper check to return -EINVAL if sensor_index is negative.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[groeck: Return error code returned from find_ec_sensor_index]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38142",
"url": "https://www.suse.com/security/cve/CVE-2025-38142"
},
{
"category": "external",
"summary": "SUSE Bug 1245713 for CVE-2025-38142",
"url": "https://bugzilla.suse.com/1245713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38142"
},
{
"cve": "CVE-2025-38143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: pm8941: Add NULL check in wled_configure()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nwled_configure() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38143",
"url": "https://www.suse.com/security/cve/CVE-2025-38143"
},
{
"category": "external",
"summary": "SUSE Bug 1245714 for CVE-2025-38143",
"url": "https://bugzilla.suse.com/1245714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38143"
},
{
"cve": "CVE-2025-38145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\naspeed_lpc_enable_snoop() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.\n\n[arj: Fix Fixes: tag to use subject from 3772e5da4454]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38145",
"url": "https://www.suse.com/security/cve/CVE-2025-38145"
},
{
"category": "external",
"summary": "SUSE Bug 1245765 for CVE-2025-38145",
"url": "https://bugzilla.suse.com/1245765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38145"
},
{
"cve": "CVE-2025-38146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38146"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix the dead loop of MPLS parse\n\nThe unexpected MPLS packet may not end with the bottom label stack.\nWhen there are many stacks, The label count value has wrapped around.\nA dead loop occurs, soft lockup/CPU stuck finally.\n\nstack backtrace:\nUBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26\nindex -1 is out of range for type \u0027__be32 [3]\u0027\nCPU: 34 PID: 0 Comm: swapper/34 Kdump: loaded Tainted: G OE 5.15.0-121-generic #131-Ubuntu\nHardware name: Dell Inc. PowerEdge C6420/0JP9TF, BIOS 2.12.2 07/14/2021\nCall Trace:\n \u003cIRQ\u003e\n show_stack+0x52/0x5c\n dump_stack_lvl+0x4a/0x63\n dump_stack+0x10/0x16\n ubsan_epilogue+0x9/0x36\n __ubsan_handle_out_of_bounds.cold+0x44/0x49\n key_extract_l3l4+0x82a/0x840 [openvswitch]\n ? kfree_skbmem+0x52/0xa0\n key_extract+0x9c/0x2b0 [openvswitch]\n ovs_flow_key_extract+0x124/0x350 [openvswitch]\n ovs_vport_receive+0x61/0xd0 [openvswitch]\n ? kernel_init_free_pages.part.0+0x4a/0x70\n ? get_page_from_freelist+0x353/0x540\n netdev_port_receive+0xc4/0x180 [openvswitch]\n ? netdev_port_receive+0x180/0x180 [openvswitch]\n netdev_frame_hook+0x1f/0x40 [openvswitch]\n __netif_receive_skb_core.constprop.0+0x23a/0xf00\n __netif_receive_skb_list_core+0xfa/0x240\n netif_receive_skb_list_internal+0x18e/0x2a0\n napi_complete_done+0x7a/0x1c0\n bnxt_poll+0x155/0x1c0 [bnxt_en]\n __napi_poll+0x30/0x180\n net_rx_action+0x126/0x280\n ? bnxt_msix+0x67/0x80 [bnxt_en]\n handle_softirqs+0xda/0x2d0\n irq_exit_rcu+0x96/0xc0\n common_interrupt+0x8e/0xa0\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38146",
"url": "https://www.suse.com/security/cve/CVE-2025-38146"
},
{
"category": "external",
"summary": "SUSE Bug 1245767 for CVE-2025-38146",
"url": "https://bugzilla.suse.com/1245767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38146"
},
{
"cve": "CVE-2025-38148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: mscc: Fix memory leak when using one step timestamping\n\nFix memory leak when running one-step timestamping. When running\none-step sync timestamping, the HW is configured to insert the TX time\ninto the frame, so there is no reason to keep the skb anymore. As in\nthis case the HW will never generate an interrupt to say that the frame\nwas timestamped, then the frame will never released.\nFix this by freeing the frame in case of one-step timestamping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38148",
"url": "https://www.suse.com/security/cve/CVE-2025-38148"
},
{
"category": "external",
"summary": "SUSE Bug 1245735 for CVE-2025-38148",
"url": "https://bugzilla.suse.com/1245735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38148"
},
{
"cve": "CVE-2025-38149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clear phydev-\u003edevlink when the link is deleted\n\nThere is a potential crash issue when disabling and re-enabling the\nnetwork port. When disabling the network port, phy_detach() calls\ndevice_link_del() to remove the device link, but it does not clear\nphydev-\u003edevlink, so phydev-\u003edevlink is not a NULL pointer. Then the\nnetwork port is re-enabled, but if phy_attach_direct() fails before\ncalling device_link_add(), the code jumps to the \"error\" label and\ncalls phy_detach(). Since phydev-\u003edevlink retains the old value from\nthe previous attach/detach cycle, device_link_del() uses the old value,\nwhich accesses a NULL pointer and causes a crash. The simplified crash\nlog is as follows.\n\n[ 24.702421] Call trace:\n[ 24.704856] device_link_put_kref+0x20/0x120\n[ 24.709124] device_link_del+0x30/0x48\n[ 24.712864] phy_detach+0x24/0x168\n[ 24.716261] phy_attach_direct+0x168/0x3a4\n[ 24.720352] phylink_fwnode_phy_connect+0xc8/0x14c\n[ 24.725140] phylink_of_phy_connect+0x1c/0x34\n\nTherefore, phydev-\u003edevlink needs to be cleared when the device link is\ndeleted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38149",
"url": "https://www.suse.com/security/cve/CVE-2025-38149"
},
{
"category": "external",
"summary": "SUSE Bug 1245737 for CVE-2025-38149",
"url": "https://bugzilla.suse.com/1245737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38149"
},
{
"cve": "CVE-2025-38151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38151",
"url": "https://www.suse.com/security/cve/CVE-2025-38151"
},
{
"category": "external",
"summary": "SUSE Bug 1245745 for CVE-2025-38151",
"url": "https://bugzilla.suse.com/1245745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38151"
},
{
"cve": "CVE-2025-38153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: fix error handling of usbnet read calls\n\nSyzkaller, courtesy of syzbot, identified an error (see report [1]) in\naqc111 driver, caused by incomplete sanitation of usb read calls\u0027\nresults. This problem is quite similar to the one fixed in commit\n920a9fa27e78 (\"net: asix: add proper error handling of usb read errors\").\n\nFor instance, usbnet_read_cmd() may read fewer than \u0027size\u0027 bytes,\neven if the caller expected the full amount, and aqc111_read_cmd()\nwill not check its result properly. As [1] shows, this may lead\nto MAC address in aqc111_bind() being only partly initialized,\ntriggering KMSAN warnings.\n\nFix the issue by verifying that the number of bytes read is\nas expected and not less.\n\n[1] Partial syzbot report:\nBUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\nBUG: KMSAN: uninit-value in usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\n usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n really_probe+0x4d1/0xd90 drivers/base/dd.c:658\n __driver_probe_device+0x268/0x380 drivers/base/dd.c:800\n...\n\nUninit was stored to memory at:\n dev_addr_mod+0xb0/0x550 net/core/dev_addr_lists.c:582\n __dev_addr_set include/linux/netdevice.h:4874 [inline]\n eth_hw_addr_set include/linux/etherdevice.h:325 [inline]\n aqc111_bind+0x35f/0x1150 drivers/net/usb/aqc111.c:717\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n...\n\nUninit was stored to memory at:\n ether_addr_copy include/linux/etherdevice.h:305 [inline]\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:663 [inline]\n aqc111_bind+0x794/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n...\n\nLocal variable buf.i created at:\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:656 [inline]\n aqc111_bind+0x221/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38153",
"url": "https://www.suse.com/security/cve/CVE-2025-38153"
},
{
"category": "external",
"summary": "SUSE Bug 1245744 for CVE-2025-38153",
"url": "https://bugzilla.suse.com/1245744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38153"
},
{
"cve": "CVE-2025-38154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Avoid using sk_socket after free when sending\n\nThe sk-\u003esk_socket is not locked or referenced in backlog thread, and\nduring the call to skb_send_sock(), there is a race condition with\nthe release of sk_socket. All types of sockets(tcp/udp/unix/vsock)\nwill be affected.\n\nRace conditions:\n\u0027\u0027\u0027\nCPU0 CPU1\n\nbacklog::skb_send_sock\n sendmsg_unlocked\n sock_sendmsg\n sock_sendmsg_nosec\n close(fd):\n ...\n ops-\u003erelease() -\u003e sock_map_close()\n sk_socket-\u003eops = NULL\n free(socket)\n sock-\u003eops-\u003esendmsg\n ^\n panic here\n\u0027\u0027\u0027\n\nThe ref of psock become 0 after sock_map_close() executed.\n\u0027\u0027\u0027\nvoid sock_map_close()\n{\n ...\n if (likely(psock)) {\n ...\n // !! here we remove psock and the ref of psock become 0\n sock_map_remove_links(sk, psock)\n psock = sk_psock_get(sk);\n if (unlikely(!psock))\n goto no_psock; \u003c=== Control jumps here via goto\n ...\n cancel_delayed_work_sync(\u0026psock-\u003ework); \u003c=== not executed\n sk_psock_put(sk, psock);\n ...\n}\n\u0027\u0027\u0027\n\nBased on the fact that we already wait for the workqueue to finish in\nsock_map_close() if psock is held, we simply increase the psock\nreference count to avoid race conditions.\n\nWith this patch, if the backlog thread is running, sock_map_close() will\nwait for the backlog thread to complete and cancel all pending work.\n\nIf no backlog running, any pending work that hasn\u0027t started by then will\nfail when invoked by sk_psock_get(), as the psock reference count have\nbeen zeroed, and sk_psock_drop() will cancel all jobs via\ncancel_delayed_work_sync().\n\nIn summary, we require synchronization to coordinate the backlog thread\nand close() thread.\n\nThe panic I catched:\n\u0027\u0027\u0027\nWorkqueue: events sk_psock_backlog\nRIP: 0010:sock_sendmsg+0x21d/0x440\nRAX: 0000000000000000 RBX: ffffc9000521fad8 RCX: 0000000000000001\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x14c/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? sock_sendmsg+0x21d/0x440\n ? sock_sendmsg+0x3e0/0x440\n ? __pfx_sock_sendmsg+0x10/0x10\n __skb_send_sock+0x543/0xb70\n sk_psock_backlog+0x247/0xb80\n...\n\u0027\u0027\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38154",
"url": "https://www.suse.com/security/cve/CVE-2025-38154"
},
{
"category": "external",
"summary": "SUSE Bug 1245749 for CVE-2025-38154",
"url": "https://bugzilla.suse.com/1245749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38154"
},
{
"cve": "CVE-2025-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()\n\ndevm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nPrevent null pointer dereference in mt7915_mmio_wed_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38155",
"url": "https://www.suse.com/security/cve/CVE-2025-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1245748 for CVE-2025-38155",
"url": "https://bugzilla.suse.com/1245748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38155"
},
{
"cve": "CVE-2025-38156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init()\n\ndevm_ioremap() returns NULL on error. Currently, mt7996_mmio_wed_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nPrevent null pointer dereference in mt7996_mmio_wed_init()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38156",
"url": "https://www.suse.com/security/cve/CVE-2025-38156"
},
{
"category": "external",
"summary": "SUSE Bug 1246034 for CVE-2025-38156",
"url": "https://bugzilla.suse.com/1246034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38156"
},
{
"cve": "CVE-2025-38157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Abort software beacon handling if disabled\n\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\n\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38157",
"url": "https://www.suse.com/security/cve/CVE-2025-38157"
},
{
"category": "external",
"summary": "SUSE Bug 1245747 for CVE-2025-38157",
"url": "https://bugzilla.suse.com/1245747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38157"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38160"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Add NULL check in raspberrypi_clk_register()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nraspberrypi_clk_register() does not check for this case, which results\nin a NULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38160",
"url": "https://www.suse.com/security/cve/CVE-2025-38160"
},
{
"category": "external",
"summary": "SUSE Bug 1245780 for CVE-2025-38160",
"url": "https://bugzilla.suse.com/1245780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38160"
},
{
"cve": "CVE-2025-38161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38161"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix error flow upon firmware failure for RQ destruction\n\nUpon RQ destruction if the firmware command fails which is the\nlast resource to be destroyed some SW resources were already cleaned\nregardless of the failure.\n\nNow properly rollback the object to its original state upon such failure.\n\nIn order to avoid a use-after free in case someone tries to destroy the\nobject again, which results in the following kernel trace:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 37589 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148\nModules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) rfkill mlx5_core(OE) mlxdevm(OE) ib_uverbs(OE) ib_core(OE) psample mlxfw(OE) mlx_compat(OE) macsec tls pci_hyperv_intf sunrpc vfat fat virtio_net net_failover failover fuse loop nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_console virtio_gpu virtio_blk virtio_dma_buf virtio_mmio dm_mirror dm_region_hash dm_log dm_mod xpmem(OE)\nCPU: 0 UID: 0 PID: 37589 Comm: python3 Kdump: loaded Tainted: G OE ------- --- 6.12.0-54.el10.aarch64 #1\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : refcount_warn_saturate+0xf4/0x148\nlr : refcount_warn_saturate+0xf4/0x148\nsp : ffff80008b81b7e0\nx29: ffff80008b81b7e0 x28: ffff000133d51600 x27: 0000000000000001\nx26: 0000000000000000 x25: 00000000ffffffea x24: ffff00010ae80f00\nx23: ffff00010ae80f80 x22: ffff0000c66e5d08 x21: 0000000000000000\nx20: ffff0000c66e0000 x19: ffff00010ae80340 x18: 0000000000000006\nx17: 0000000000000000 x16: 0000000000000020 x15: ffff80008b81b37f\nx14: 0000000000000000 x13: 2e656572662d7265 x12: ffff80008283ef78\nx11: ffff80008257efd0 x10: ffff80008283efd0 x9 : ffff80008021ed90\nx8 : 0000000000000001 x7 : 00000000000bffe8 x6 : c0000000ffff7fff\nx5 : ffff0001fb8e3408 x4 : 0000000000000000 x3 : ffff800179993000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000133d51600\nCall trace:\n refcount_warn_saturate+0xf4/0x148\n mlx5_core_put_rsc+0x88/0xa0 [mlx5_ib]\n mlx5_core_destroy_rq_tracked+0x64/0x98 [mlx5_ib]\n mlx5_ib_destroy_wq+0x34/0x80 [mlx5_ib]\n ib_destroy_wq_user+0x30/0xc0 [ib_core]\n uverbs_free_wq+0x28/0x58 [ib_uverbs]\n destroy_hw_idr_uobject+0x34/0x78 [ib_uverbs]\n uverbs_destroy_uobject+0x48/0x240 [ib_uverbs]\n __uverbs_cleanup_ufile+0xd4/0x1a8 [ib_uverbs]\n uverbs_destroy_ufile_hw+0x48/0x120 [ib_uverbs]\n ib_uverbs_close+0x2c/0x100 [ib_uverbs]\n __fput+0xd8/0x2f0\n __fput_sync+0x50/0x70\n __arm64_sys_close+0x40/0x90\n invoke_syscall.constprop.0+0x74/0xd0\n do_el0_svc+0x48/0xe8\n el0_svc+0x44/0x1d0\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x1a4/0x1a8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38161",
"url": "https://www.suse.com/security/cve/CVE-2025-38161"
},
{
"category": "external",
"summary": "SUSE Bug 1245777 for CVE-2025-38161",
"url": "https://bugzilla.suse.com/1245777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38161"
},
{
"cve": "CVE-2025-38165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38165"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix panic when calling skb_linearize\n\nThe panic can be reproduced by executing the command:\n./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000\n\nThen a kernel panic was captured:\n\u0027\u0027\u0027\n[ 657.460555] kernel BUG at net/core/skbuff.c:2178!\n[ 657.462680] Tainted: [W]=WARN\n[ 657.463287] Workqueue: events sk_psock_backlog\n...\n[ 657.469610] \u003cTASK\u003e\n[ 657.469738] ? die+0x36/0x90\n[ 657.469916] ? do_trap+0x1d0/0x270\n[ 657.470118] ? pskb_expand_head+0x612/0xf40\n[ 657.470376] ? pskb_expand_head+0x612/0xf40\n[ 657.470620] ? do_error_trap+0xa3/0x170\n[ 657.470846] ? pskb_expand_head+0x612/0xf40\n[ 657.471092] ? handle_invalid_op+0x2c/0x40\n[ 657.471335] ? pskb_expand_head+0x612/0xf40\n[ 657.471579] ? exc_invalid_op+0x2d/0x40\n[ 657.471805] ? asm_exc_invalid_op+0x1a/0x20\n[ 657.472052] ? pskb_expand_head+0xd1/0xf40\n[ 657.472292] ? pskb_expand_head+0x612/0xf40\n[ 657.472540] ? lock_acquire+0x18f/0x4e0\n[ 657.472766] ? find_held_lock+0x2d/0x110\n[ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10\n[ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470\n[ 657.473537] ? __pfx___lock_release.isra.0+0x10/0x10\n[ 657.473826] __pskb_pull_tail+0xfd/0x1d20\n[ 657.474062] ? __kasan_slab_alloc+0x4e/0x90\n[ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510\n[ 657.475392] ? __kasan_kmalloc+0xaa/0xb0\n[ 657.476010] sk_psock_backlog+0x5cf/0xd70\n[ 657.476637] process_one_work+0x858/0x1a20\n\u0027\u0027\u0027\n\nThe panic originates from the assertion BUG_ON(skb_shared(skb)) in\nskb_linearize(). A previous commit(see Fixes tag) introduced skb_get()\nto avoid race conditions between skb operations in the backlog and skb\nrelease in the recvmsg path. However, this caused the panic to always\noccur when skb_linearize is executed.\n\nThe \"--rx-strp 100000\" parameter forces the RX path to use the strparser\nmodule which aggregates data until it reaches 100KB before calling sockmap\nlogic. The 100KB payload exceeds MAX_MSG_FRAGS, triggering skb_linearize.\n\nTo fix this issue, just move skb_get into sk_psock_skb_ingress_enqueue.\n\n\u0027\u0027\u0027\nsk_psock_backlog:\n sk_psock_handle_skb\n skb_get(skb) \u003c== we move it into \u0027sk_psock_skb_ingress_enqueue\u0027\n sk_psock_skb_ingress____________\n v\n |\n | -\u003e sk_psock_skb_ingress_self\n | sk_psock_skb_ingress_enqueue\nsk_psock_verdict_apply_________________^ skb_linearize\n\u0027\u0027\u0027\n\nNote that for verdict_apply path, the skb_get operation is unnecessary so\nwe add \u0027take_ref\u0027 param to control it\u0027s behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38165",
"url": "https://www.suse.com/security/cve/CVE-2025-38165"
},
{
"category": "external",
"summary": "SUSE Bug 1245757 for CVE-2025-38165",
"url": "https://bugzilla.suse.com/1245757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38165"
},
{
"cve": "CVE-2025-38168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38168"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: arm-ni: Unregister PMUs on probe failure\n\nWhen a resource allocation fails in one clock domain of an NI device,\nwe need to properly roll back all previously registered perf PMUs in\nother clock domains of the same device.\n\nOtherwise, it can lead to kernel panics.\n\nCalling arm_ni_init+0x0/0xff8 [arm_ni] @ 2374\narm-ni ARMHCB70:00: Failed to request PMU region 0x1f3c13000\narm-ni ARMHCB70:00: probe with driver arm-ni failed with error -16\nlist_add corruption: next-\u003eprev should be prev (fffffd01e9698a18),\nbut was 0000000000000000. (next=ffff10001a0decc8).\npstate: 6340009 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : list_add_valid_or_report+0x7c/0xb8\nlr : list_add_valid_or_report+0x7c/0xb8\nCall trace:\n __list_add_valid_or_report+0x7c/0xb8\n perf_pmu_register+0x22c/0x3a0\n arm_ni_probe+0x554/0x70c [arm_ni]\n platform_probe+0x70/0xe8\n really_probe+0xc6/0x4d8\n driver_probe_device+0x48/0x170\n __driver_attach+0x8e/0x1c0\n bus_for_each_dev+0x64/0xf0\n driver_add+0x138/0x260\n bus_add_driver+0x68/0x138\n __platform_driver_register+0x2c/0x40\n arm_ni_init+0x14/0x2a [arm_ni]\n do_init_module+0x36/0x298\n---[ end trace 0000000000000000 ]---\nKernel panic - not syncing: Oops - BUG: Fatal exception\nSMP: stopping secondary CPUs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38168",
"url": "https://www.suse.com/security/cve/CVE-2025-38168"
},
{
"category": "external",
"summary": "SUSE Bug 1245763 for CVE-2025-38168",
"url": "https://bugzilla.suse.com/1245763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38168"
},
{
"cve": "CVE-2025-38169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38169"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP\n\nOn system with SME, a thread\u0027s kernel FPSIMD state may be erroneously\nclobbered during a context switch immediately after that state is\nrestored. Systems without SME are unaffected.\n\nIf the CPU happens to be in streaming SVE mode before a context switch\nto a thread with kernel FPSIMD state, fpsimd_thread_switch() will\nrestore the kernel FPSIMD state using fpsimd_load_kernel_state() while\nthe CPU is still in streaming SVE mode. When fpsimd_thread_switch()\nsubsequently calls fpsimd_flush_cpu_state(), this will execute an\nSMSTOP, causing an exit from streaming SVE mode. The exit from\nstreaming SVE mode will cause the hardware to reset a number of\nFPSIMD/SVE/SME registers, clobbering the FPSIMD state.\n\nFix this by calling fpsimd_flush_cpu_state() before restoring the kernel\nFPSIMD state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38169",
"url": "https://www.suse.com/security/cve/CVE-2025-38169"
},
{
"category": "external",
"summary": "SUSE Bug 1245784 for CVE-2025-38169",
"url": "https://bugzilla.suse.com/1245784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38169"
},
{
"cve": "CVE-2025-38170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/fpsimd: Discard stale CPU state when handling SME traps\n\nThe logic for handling SME traps manipulates saved FPSIMD/SVE/SME state\nincorrectly, and a race with preemption can result in a task having\nTIF_SME set and TIF_FOREIGN_FPSTATE clear even though the live CPU state\nis stale (e.g. with SME traps enabled). This can result in warnings from\ndo_sme_acc() where SME traps are not expected while TIF_SME is set:\n\n| /* With TIF_SME userspace shouldn\u0027t generate any traps */\n| if (test_and_set_thread_flag(TIF_SME))\n| WARN_ON(1);\n\nThis is very similar to the SVE issue we fixed in commit:\n\n 751ecf6afd6568ad (\"arm64/sve: Discard stale CPU state when handling SVE traps\")\n\nThe race can occur when the SME trap handler is preempted before and\nafter manipulating the saved FPSIMD/SVE/SME state, starting and ending on\nthe same CPU, e.g.\n\n| void do_sme_acc(unsigned long esr, struct pt_regs *regs)\n| {\n| // Trap on CPU 0 with TIF_SME clear, SME traps enabled\n| // task-\u003efpsimd_cpu is 0.\n| // per_cpu_ptr(\u0026fpsimd_last_state, 0) is task.\n|\n| ...\n|\n| // Preempted; migrated from CPU 0 to CPU 1.\n| // TIF_FOREIGN_FPSTATE is set.\n|\n| get_cpu_fpsimd_context();\n|\n| /* With TIF_SME userspace shouldn\u0027t generate any traps */\n| if (test_and_set_thread_flag(TIF_SME))\n| WARN_ON(1);\n|\n| if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) {\n| unsigned long vq_minus_one =\n| sve_vq_from_vl(task_get_sme_vl(current)) - 1;\n| sme_set_vq(vq_minus_one);\n|\n| fpsimd_bind_task_to_cpu();\n| }\n|\n| put_cpu_fpsimd_context();\n|\n| // Preempted; migrated from CPU 1 to CPU 0.\n| // task-\u003efpsimd_cpu is still 0\n| // If per_cpu_ptr(\u0026fpsimd_last_state, 0) is still task then:\n| // - Stale HW state is reused (with SME traps enabled)\n| // - TIF_FOREIGN_FPSTATE is cleared\n| // - A return to userspace skips HW state restore\n| }\n\nFix the case where the state is not live and TIF_FOREIGN_FPSTATE is set\nby calling fpsimd_flush_task_state() to detach from the saved CPU\nstate. This ensures that a subsequent context switch will not reuse the\nstale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the\nnew state to be reloaded from memory prior to a return to userspace.\n\nNote: this was originallly posted as [1].\n\n[ Rutland: rewrite commit message ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38170",
"url": "https://www.suse.com/security/cve/CVE-2025-38170"
},
{
"category": "external",
"summary": "SUSE Bug 1245785 for CVE-2025-38170",
"url": "https://bugzilla.suse.com/1245785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38170"
},
{
"cve": "CVE-2025-38172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38172"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: avoid using multiple devices with different type\n\nFor multiple devices, both primary and extra devices should be the\nsame type. `erofs_init_device` has already guaranteed that if the\nprimary is a file-backed device, extra devices should also be\nregular files.\n\nHowever, if the primary is a block device while the extra device\nis a file-backed device, `erofs_init_device` will get an ENOTBLK,\nwhich is not treated as an error in `erofs_fc_get_tree`, and that\nleads to an UAF:\n\n erofs_fc_get_tree\n get_tree_bdev_flags(erofs_fc_fill_super)\n erofs_read_superblock\n erofs_init_device // sbi-\u003edif0 is not inited yet,\n // return -ENOTBLK\n deactivate_locked_super\n free(sbi)\n if (err is -ENOTBLK)\n sbi-\u003edif0.file = filp_open() // sbi UAF\n\nSo if -ENOTBLK is hitted in `erofs_init_device`, it means the\nprimary device must be a block device, and the extra device\nis not a block device. The error can be converted to -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38172",
"url": "https://www.suse.com/security/cve/CVE-2025-38172"
},
{
"category": "external",
"summary": "SUSE Bug 1245787 for CVE-2025-38172",
"url": "https://bugzilla.suse.com/1245787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38172"
},
{
"cve": "CVE-2025-38173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: marvell/cesa - Handle zero-length skcipher requests\n\nDo not access random memory for zero-length skcipher requests.\nJust return 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38173",
"url": "https://www.suse.com/security/cve/CVE-2025-38173"
},
{
"category": "external",
"summary": "SUSE Bug 1245769 for CVE-2025-38173",
"url": "https://bugzilla.suse.com/1245769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38173"
},
{
"cve": "CVE-2025-38174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38174"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Do not double dequeue a configuration request\n\nSome of our devices crash in tb_cfg_request_dequeue():\n\n general protection fault, probably for non-canonical address 0xdead000000000122\n\n CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65\n RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0\n Call Trace:\n \u003cTASK\u003e\n ? tb_cfg_request_dequeue+0x2d/0xa0\n tb_cfg_request_work+0x33/0x80\n worker_thread+0x386/0x8f0\n kthread+0xed/0x110\n ret_from_fork+0x38/0x50\n ret_from_fork_asm+0x1b/0x30\n\nThe circumstances are unclear, however, the theory is that\ntb_cfg_request_work() can be scheduled twice for a request:\nfirst time via frame.callback from ring_work() and second\ntime from tb_cfg_request(). Both times kworkers will execute\ntb_cfg_request_dequeue(), which results in double list_del()\nfrom the ctl-\u003erequest_queue (the list poison deference hints\nat it: 0xdead000000000122).\n\nDo not dequeue requests that don\u0027t have TB_CFG_REQUEST_ACTIVE\nbit set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38174",
"url": "https://www.suse.com/security/cve/CVE-2025-38174"
},
{
"category": "external",
"summary": "SUSE Bug 1245781 for CVE-2025-38174",
"url": "https://bugzilla.suse.com/1245781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38174"
},
{
"cve": "CVE-2025-38177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let\u0027s make it idempotent\nto ease qdisc_tree_reduce_backlog() callers\u0027 life:\n\n1. update_vf() decreases cl-\u003ecl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl-\u003eel_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38177",
"url": "https://www.suse.com/security/cve/CVE-2025-38177"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245986 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "external",
"summary": "SUSE Bug 1246356 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1246356"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1247374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38177"
},
{
"cve": "CVE-2025-38180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix /proc/net/atm/lec handling\n\n/proc/net/atm/lec must ensure safety against dev_lec[] changes.\n\nIt appears it had dev_put() calls without prior dev_hold(),\nleading to imbalance and UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38180",
"url": "https://www.suse.com/security/cve/CVE-2025-38180"
},
{
"category": "external",
"summary": "SUSE Bug 1245970 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "external",
"summary": "SUSE Bug 1245971 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38180"
},
{
"cve": "CVE-2025-38181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Fix null-ptr-deref in calipso_req_{set,del}attr().\n\nsyzkaller reported a null-ptr-deref in sock_omalloc() while allocating\na CALIPSO option. [0]\n\nThe NULL is of struct sock, which was fetched by sk_to_full_sk() in\ncalipso_req_setattr().\n\nSince commit a1a5344ddbe8 (\"tcp: avoid two atomic ops for syncookies\"),\nreqsk-\u003ersk_listener could be NULL when SYN Cookie is returned to its\nclient, as hinted by the leading SYN Cookie log.\n\nHere are 3 options to fix the bug:\n\n 1) Return 0 in calipso_req_setattr()\n 2) Return an error in calipso_req_setattr()\n 3) Alaways set rsk_listener\n\n1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie\nfor CALIPSO. 3) is also no go as there have been many efforts to reduce\natomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35\n(\"tcp/dccp: do not touch listener sk_refcnt under synflood\").\n\nAs of the blamed commit, SYN Cookie already did not need refcounting,\nand no one has stumbled on the bug for 9 years, so no CALIPSO user will\ncare about SYN Cookie.\n\nLet\u0027s return an error in calipso_req_setattr() and calipso_req_delattr()\nin the SYN Cookie case.\n\nThis can be reproduced by [1] on Fedora and now connect() of nc times out.\n\n[0]:\nTCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:406 [inline]\nRIP: 0010:sock_net include/net/sock.h:655 [inline]\nRIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806\nCode: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b\nRSP: 0018:ffff88811af89038 EFLAGS: 00010216\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400\nRDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030\nRBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e\nR10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000\nR13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050\nFS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cIRQ\u003e\n ipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288\n calipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204\n calipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597\n netlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249\n selinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342\n selinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551\n security_inet_conn_request+0x50/0xa0 security/security.c:4945\n tcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825\n tcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275\n tcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328\n tcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781\n tcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667\n tcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904\n ip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436\n ip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491\n dst_input include/net/dst.h:469 [inline]\n ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]\n ip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38181",
"url": "https://www.suse.com/security/cve/CVE-2025-38181"
},
{
"category": "external",
"summary": "SUSE Bug 1246000 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "external",
"summary": "SUSE Bug 1246001 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38181"
},
{
"cve": "CVE-2025-38182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: santizize the arguments from userspace when adding a device\n\nSanity check the values for queue depth and number of queues\nwe get from userspace when adding a device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38182",
"url": "https://www.suse.com/security/cve/CVE-2025-38182"
},
{
"category": "external",
"summary": "SUSE Bug 1245937 for CVE-2025-38182",
"url": "https://bugzilla.suse.com/1245937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38182"
},
{
"cve": "CVE-2025-38184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer\n\nThe reproduction steps:\n1. create a tun interface\n2. enable l2 bearer\n3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun\n\ntipc: Started in network mode\ntipc: Node identity 8af312d38a21, cluster identity 4711\ntipc: Enabled bearer \u003ceth:syz_tun\u003e, priority 1\nOops: general protection fault\nKASAN: null-ptr-deref in range\nCPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT\nHardware name: QEMU Ubuntu 24.04 PC\nRIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0\n\nthe ub was in fact a struct dev.\n\nwhen bid != 0 \u0026\u0026 skip_cnt != 0, bearer_list[bid] may be NULL or\nother media when other thread changes it.\n\nfix this by checking media_id.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38184",
"url": "https://www.suse.com/security/cve/CVE-2025-38184"
},
{
"category": "external",
"summary": "SUSE Bug 1245956 for CVE-2025-38184",
"url": "https://bugzilla.suse.com/1245956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38184"
},
{
"cve": "CVE-2025-38185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Free invalid length skb in atmtcp_c_send().\n\nsyzbot reported the splat below. [0]\n\nvcc_sendmsg() copies data passed from userspace to skb and passes\nit to vcc-\u003edev-\u003eops-\u003esend().\n\natmtcp_c_send() accesses skb-\u003edata as struct atmtcp_hdr after\nchecking if skb-\u003elen is 0, but it\u0027s not enough.\n\nAlso, when skb-\u003elen == 0, skb and sk (vcc) were leaked because\ndev_kfree_skb() is not called and sk_wmem_alloc adjustment is missing\nto revert atm_account_tx() in vcc_sendmsg(), which is expected\nto be done in atm_pop_raw().\n\nLet\u0027s properly free skb with an invalid length in atmtcp_c_send().\n\n[0]:\nBUG: KMSAN: uninit-value in atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294\n atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294\n vcc_sendmsg+0xd7c/0xff0 net/atm/common.c:644\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n __sys_sendmsg net/socket.c:2652 [inline]\n __do_sys_sendmsg net/socket.c:2657 [inline]\n __se_sys_sendmsg net/socket.c:2655 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655\n x64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4154 [inline]\n slab_alloc_node mm/slub.c:4197 [inline]\n kmem_cache_alloc_node_noprof+0x818/0xf00 mm/slub.c:4249\n kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:579\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:670\n alloc_skb include/linux/skbuff.h:1336 [inline]\n vcc_sendmsg+0xb40/0xff0 net/atm/common.c:628\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n __sys_sendmsg net/socket.c:2652 [inline]\n __do_sys_sendmsg net/socket.c:2657 [inline]\n __se_sys_sendmsg net/socket.c:2655 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655\n x64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 5798 Comm: syz-executor192 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(undef)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38185",
"url": "https://www.suse.com/security/cve/CVE-2025-38185"
},
{
"category": "external",
"summary": "SUSE Bug 1246012 for CVE-2025-38185",
"url": "https://bugzilla.suse.com/1246012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38185"
},
{
"cve": "CVE-2025-38186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38186"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()\n\nBefore the commit under the Fixes tag below, bnxt_ulp_stop() and\nbnxt_ulp_start() were always invoked in pairs. After that commit,\nthe new bnxt_ulp_restart() can be invoked after bnxt_ulp_stop()\nhas been called. This may result in the RoCE driver\u0027s aux driver\n.suspend() method being invoked twice. The 2nd bnxt_re_suspend()\ncall will crash when it dereferences a NULL pointer:\n\n(NULL ib_device): Handle device suspend call\nBUG: kernel NULL pointer dereference, address: 0000000000000b78\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP PTI\nCPU: 20 UID: 0 PID: 181 Comm: kworker/u96:5 Tainted: G S 6.15.0-rc1 #4 PREEMPT(voluntary)\nTainted: [S]=CPU_OUT_OF_SPEC\nHardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017\nWorkqueue: bnxt_pf_wq bnxt_sp_task [bnxt_en]\nRIP: 0010:bnxt_re_suspend+0x45/0x1f0 [bnxt_re]\nCode: 8b 05 a7 3c 5b f5 48 89 44 24 18 31 c0 49 8b 5c 24 08 4d 8b 2c 24 e8 ea 06 0a f4 48 c7 c6 04 60 52 c0 48 89 df e8 1b ce f9 ff \u003c48\u003e 8b 83 78 0b 00 00 48 8b 80 38 03 00 00 a8 40 0f 85 b5 00 00 00\nRSP: 0018:ffffa2e84084fd88 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ffffffffb4b6b934 RDI: 00000000ffffffff\nRBP: ffffa1760954c9c0 R08: 0000000000000000 R09: c0000000ffffdfff\nR10: 0000000000000001 R11: ffffa2e84084fb50 R12: ffffa176031ef070\nR13: ffffa17609775000 R14: ffffa17603adc180 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa17daa397000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000b78 CR3: 00000004aaa30003 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nbnxt_ulp_stop+0x69/0x90 [bnxt_en]\nbnxt_sp_task+0x678/0x920 [bnxt_en]\n? __schedule+0x514/0xf50\nprocess_scheduled_works+0x9d/0x400\nworker_thread+0x11c/0x260\n? __pfx_worker_thread+0x10/0x10\nkthread+0xfe/0x1e0\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x2b/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\nCheck the BNXT_EN_FLAG_ULP_STOPPED flag and do not proceed if the flag\nis already set. This will preserve the original symmetrical\nbnxt_ulp_stop() and bnxt_ulp_start().\n\nAlso, inside bnxt_ulp_start(), clear the BNXT_EN_FLAG_ULP_STOPPED\nflag after taking the mutex to avoid any race condition. And for\nsymmetry, only proceed in bnxt_ulp_start() if the\nBNXT_EN_FLAG_ULP_STOPPED is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38186",
"url": "https://www.suse.com/security/cve/CVE-2025-38186"
},
{
"category": "external",
"summary": "SUSE Bug 1245955 for CVE-2025-38186",
"url": "https://bugzilla.suse.com/1245955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38186"
},
{
"cve": "CVE-2025-38188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\n\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\n\nPatchwork: https://patchwork.freedesktop.org/patch/654924/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38188",
"url": "https://www.suse.com/security/cve/CVE-2025-38188"
},
{
"category": "external",
"summary": "SUSE Bug 1246098 for CVE-2025-38188",
"url": "https://bugzilla.suse.com/1246098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38188"
},
{
"cve": "CVE-2025-38189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`\n\nThe following kernel Oops was recently reported by Mesa CI:\n\n[ 800.139824] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000588\n[ 800.148619] Mem abort info:\n[ 800.151402] ESR = 0x0000000096000005\n[ 800.155141] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 800.160444] SET = 0, FnV = 0\n[ 800.163488] EA = 0, S1PTW = 0\n[ 800.166619] FSC = 0x05: level 1 translation fault\n[ 800.171487] Data abort info:\n[ 800.174357] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 800.179832] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 800.184873] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 800.190176] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001014c2000\n[ 800.196607] [0000000000000588] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 800.205305] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 800.211564] Modules linked in: vc4 snd_soc_hdmi_codec drm_display_helper v3d cec gpu_sched drm_dma_helper drm_shmem_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm i2c_brcmstb snd_timer snd backlight\n[ 800.234448] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n[ 800.244182] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n[ 800.250005] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 800.256959] pc : v3d_job_update_stats+0x60/0x130 [v3d]\n[ 800.262112] lr : v3d_job_update_stats+0x48/0x130 [v3d]\n[ 800.267251] sp : ffffffc080003e60\n[ 800.270555] x29: ffffffc080003e60 x28: ffffffd842784980 x27: 0224012000000000\n[ 800.277687] x26: ffffffd84277f630 x25: ffffff81012fd800 x24: 0000000000000020\n[ 800.284818] x23: ffffff8040238b08 x22: 0000000000000570 x21: 0000000000000158\n[ 800.291948] x20: 0000000000000000 x19: ffffff8040238000 x18: 0000000000000000\n[ 800.299078] x17: ffffffa8c1bd2000 x16: ffffffc080000000 x15: 0000000000000000\n[ 800.306208] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 800.313338] x11: 0000000000000040 x10: 0000000000001a40 x9 : ffffffd83b39757c\n[ 800.320468] x8 : ffffffd842786420 x7 : 7fffffffffffffff x6 : 0000000000ef32b0\n[ 800.327598] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : ffffffd842784980\n[ 800.334728] x2 : 0000000000000004 x1 : 0000000000010002 x0 : 000000ba4c0ca382\n[ 800.341859] Call trace:\n[ 800.344294] v3d_job_update_stats+0x60/0x130 [v3d]\n[ 800.349086] v3d_irq+0x124/0x2e0 [v3d]\n[ 800.352835] __handle_irq_event_percpu+0x58/0x218\n[ 800.357539] handle_irq_event+0x54/0xb8\n[ 800.361369] handle_fasteoi_irq+0xac/0x240\n[ 800.365458] handle_irq_desc+0x48/0x68\n[ 800.369200] generic_handle_domain_irq+0x24/0x38\n[ 800.373810] gic_handle_irq+0x48/0xd8\n[ 800.377464] call_on_irq_stack+0x24/0x58\n[ 800.381379] do_interrupt_handler+0x88/0x98\n[ 800.385554] el1_interrupt+0x34/0x68\n[ 800.389123] el1h_64_irq_handler+0x18/0x28\n[ 800.393211] el1h_64_irq+0x64/0x68\n[ 800.396603] default_idle_call+0x3c/0x168\n[ 800.400606] do_idle+0x1fc/0x230\n[ 800.403827] cpu_startup_entry+0x40/0x50\n[ 800.407742] rest_init+0xe4/0xf0\n[ 800.410962] start_kernel+0x5e8/0x790\n[ 800.414616] __primary_switched+0x80/0x90\n[ 800.418622] Code: 8b170277 8b160296 11000421 b9000861 (b9401ac1)\n[ 800.424707] ---[ end trace 0000000000000000 ]---\n[ 800.457313] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nThis issue happens when the file descriptor is closed before the jobs\nsubmitted by it are completed. When the job completes, we update the\nglobal GPU stats and the per-fd GPU stats, which are exposed through\nfdinfo. If the file descriptor was closed, then the struct `v3d_file_priv`\nand its stats were already freed and we can\u0027t update the per-fd stats.\n\nTherefore, if the file descriptor was already closed, don\u0027t u\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38189",
"url": "https://www.suse.com/security/cve/CVE-2025-38189"
},
{
"category": "external",
"summary": "SUSE Bug 1245812 for CVE-2025-38189",
"url": "https://bugzilla.suse.com/1245812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38189"
},
{
"cve": "CVE-2025-38190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38190"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Revert atm_account_tx() if copy_from_iter_full() fails.\n\nIn vcc_sendmsg(), we account skb-\u003etruesize to sk-\u003esk_wmem_alloc by\natm_account_tx().\n\nIt is expected to be reverted by atm_pop_raw() later called by\nvcc-\u003edev-\u003eops-\u003esend(vcc, skb).\n\nHowever, vcc_sendmsg() misses the same revert when copy_from_iter_full()\nfails, and then we will leak a socket.\n\nLet\u0027s factorise the revert part as atm_return_tx() and call it in\nthe failure path.\n\nNote that the corresponding sk_wmem_alloc operation can be found in\nalloc_tx() as of the blamed commit.\n\n $ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38190",
"url": "https://www.suse.com/security/cve/CVE-2025-38190"
},
{
"category": "external",
"summary": "SUSE Bug 1245973 for CVE-2025-38190",
"url": "https://bugzilla.suse.com/1245973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38190"
},
{
"cve": "CVE-2025-38193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: reject invalid perturb period\n\nGerrard Tai reported that SFQ perturb_period has no range check yet,\nand this can be used to trigger a race condition fixed in a separate patch.\n\nWe want to make sure ctl-\u003eperturb_period * HZ will not overflow\nand is positive.\n\n\ntc qd add dev lo root sfq perturb -10 # negative value : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 1000000000 # too big : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 2000000 # acceptable value\ntc -s -d qd sh dev lo\nqdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec\n Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38193",
"url": "https://www.suse.com/security/cve/CVE-2025-38193"
},
{
"category": "external",
"summary": "SUSE Bug 1245945 for CVE-2025-38193",
"url": "https://bugzilla.suse.com/1245945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38193"
},
{
"cve": "CVE-2025-38197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell_rbu: Fix list usage\n\nPass the correct list head to list_for_each_entry*() when looping through\nthe packet list.\n\nWithout this patch, reading the packet data via sysfs will show the data\nincorrectly (because it starts at the wrong packet), and clearing the\npacket list will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38197",
"url": "https://www.suse.com/security/cve/CVE-2025-38197"
},
{
"category": "external",
"summary": "SUSE Bug 1246047 for CVE-2025-38197",
"url": "https://bugzilla.suse.com/1246047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38197"
},
{
"cve": "CVE-2025-38198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Make sure modelist not set on unregistered console\n\nIt looks like attempting to write to the \"store_modes\" sysfs node will\nrun afoul of unregistered consoles:\n\nUBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28\nindex -1 is out of range for type \u0027fb_info *[32]\u0027\n...\n fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122\n fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048\n fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673\n store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113\n dev_attr_store+0x55/0x80 drivers/base/core.c:2439\n\nstatic struct fb_info *fbcon_registered_fb[FB_MAX];\n...\nstatic signed char con2fb_map[MAX_NR_CONSOLES];\n...\nstatic struct fb_info *fbcon_info_from_console(int console)\n...\n return fbcon_registered_fb[con2fb_map[console]];\n\nIf con2fb_map contains a -1 things go wrong here. Instead, return NULL,\nas callers of fbcon_info_from_console() are trying to compare against\nexisting \"info\" pointers, so error handling should kick in correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38198",
"url": "https://www.suse.com/security/cve/CVE-2025-38198"
},
{
"category": "external",
"summary": "SUSE Bug 1245952 for CVE-2025-38198",
"url": "https://bugzilla.suse.com/1245952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38198"
},
{
"cve": "CVE-2025-38201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX\n\nOtherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof()\nwhen resizing hashtable because __GFP_NOWARN is unset.\n\nSimilar to:\n\n b541ba7d1f5a (\"netfilter: conntrack: clamp maximum hashtable size to INT_MAX\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38201",
"url": "https://www.suse.com/security/cve/CVE-2025-38201"
},
{
"category": "external",
"summary": "SUSE Bug 1245977 for CVE-2025-38201",
"url": "https://bugzilla.suse.com/1245977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38201"
},
{
"cve": "CVE-2025-38205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38205"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid divide by zero by initializing dummy pitch to 1\n\n[Why]\nIf the dummy values in `populate_dummy_dml_surface_cfg()` aren\u0027t updated\nthen they can lead to a divide by zero in downstream callers like\nCalculateVMAndRowBytes()\n\n[How]\nInitialize dummy value to a value to avoid divide by zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38205",
"url": "https://www.suse.com/security/cve/CVE-2025-38205"
},
{
"category": "external",
"summary": "SUSE Bug 1246005 for CVE-2025-38205",
"url": "https://bugzilla.suse.com/1246005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38205"
},
{
"cve": "CVE-2025-38208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: add NULL check in automount_fullpath\n\npage is checked for null in __build_path_from_dentry_optional_prefix\nwhen tcon-\u003eorigin_fullpath is not set. However, the check is missing when\nit is set.\nAdd a check to prevent a potential NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38208",
"url": "https://www.suse.com/security/cve/CVE-2025-38208"
},
{
"category": "external",
"summary": "SUSE Bug 1245815 for CVE-2025-38208",
"url": "https://bugzilla.suse.com/1245815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38208"
},
{
"cve": "CVE-2025-38209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: remove tag set when second admin queue config fails\n\nCommit 104d0e2f6222 (\"nvme-fabrics: reset admin connection for secure\nconcatenation\") modified nvme_tcp_setup_ctrl() to call\nnvme_tcp_configure_admin_queue() twice. The first call prepares for\nDH-CHAP negotitation, and the second call is required for secure\nconcatenation. However, this change triggered BUG KASAN slab-use-after-\nfree in blk_mq_queue_tag_busy_iter(). This BUG can be recreated by\nrepeating the blktests test case nvme/063 a few times [1].\n\nWhen the BUG happens, nvme_tcp_create_ctrl() fails in the call chain\nbelow:\n\nnvme_tcp_create_ctrl()\n nvme_tcp_alloc_ctrl() new=true ... Alloc nvme_tcp_ctrl and admin_tag_set\n nvme_tcp_setup_ctrl() new=true\n nvme_tcp_configure_admin_queue() new=true ... Succeed\n nvme_alloc_admin_tag_set() ... Alloc the tag set for admin_tag_set\n nvme_stop_keep_alive()\n nvme_tcp_teardown_admin_queue() remove=false\n nvme_tcp_configure_admin_queue() new=false\n nvme_tcp_alloc_admin_queue() ... Fail, but do not call nvme_remove_admin_tag_set()\n nvme_uninit_ctrl()\n nvme_put_ctrl() ... Free up the nvme_tcp_ctrl and admin_tag_set\n\nThe first call of nvme_tcp_configure_admin_queue() succeeds with\nnew=true argument. The second call fails with new=false argument. This\nsecond call does not call nvme_remove_admin_tag_set() on failure, due to\nthe new=false argument. Then the admin tag set is not removed. However,\nnvme_tcp_create_ctrl() assumes that nvme_tcp_setup_ctrl() would call\nnvme_remove_admin_tag_set(). Then it frees up struct nvme_tcp_ctrl which\nhas admin_tag_set field. Later on, the timeout handler accesses the\nadmin_tag_set field and causes the BUG KASAN slab-use-after-free.\n\nTo not leave the admin tag set, call nvme_remove_admin_tag_set() when\nthe second nvme_tcp_configure_admin_queue() call fails. Do not return\nfrom nvme_tcp_setup_ctrl() on failure. Instead, jump to \"destroy_admin\"\ngo-to label to call nvme_tcp_teardown_admin_queue() which calls\nnvme_remove_admin_tag_set().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38209",
"url": "https://www.suse.com/security/cve/CVE-2025-38209"
},
{
"category": "external",
"summary": "SUSE Bug 1246022 for CVE-2025-38209",
"url": "https://bugzilla.suse.com/1246022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38209"
},
{
"cve": "CVE-2025-38211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\n\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id\u0027s last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\n\n BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\n Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\n\n CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n Workqueue: 0x0 (iw_cm_wq)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6a/0x90\n print_report+0x174/0x554\n ? __virt_addr_valid+0x208/0x430\n ? __pwq_activate_work+0x1ff/0x250\n kasan_report+0xae/0x170\n ? __pwq_activate_work+0x1ff/0x250\n __pwq_activate_work+0x1ff/0x250\n pwq_dec_nr_in_flight+0x8c5/0xfb0\n process_one_work+0xc11/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5ef/0xfd0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x3b0/0x770\n ? __pfx_kthread+0x10/0x10\n ? rcu_is_watching+0x11/0xb0\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 147416:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n alloc_work_entries+0xa9/0x260 [iw_cm]\n iw_cm_connect+0x23/0x4a0 [iw_cm]\n rdma_connect_locked+0xbfd/0x1920 [rdma_cm]\n nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\n cma_cm_event_handler+0xae/0x320 [rdma_cm]\n cma_work_handler+0x106/0x1b0 [rdma_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 147091:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kfree+0x13a/0x4b0\n dealloc_work_entries+0x125/0x1f0 [iw_cm]\n iwcm_deref_id+0x6f/0xa0 [iw_cm]\n cm_work_handler+0x136/0x1ba0 [iw_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x2c/0x50\n kasan_record_aux_stack+0xa3/0xb0\n __queue_work+0x2ff/0x1390\n queue_work_on+0x67/0xc0\n cm_event_handler+0x46a/0x820 [iw_cm]\n siw_cm_upcall+0x330/0x650 [siw]\n siw_cm_work_handler+0x6b9/0x2b20 [siw]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\n\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38211",
"url": "https://www.suse.com/security/cve/CVE-2025-38211"
},
{
"category": "external",
"summary": "SUSE Bug 1246008 for CVE-2025-38211",
"url": "https://bugzilla.suse.com/1246008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38211"
},
{
"cve": "CVE-2025-38213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38213"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38213",
"url": "https://www.suse.com/security/cve/CVE-2025-38213"
},
{
"category": "external",
"summary": "SUSE Bug 1246037 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "external",
"summary": "SUSE Bug 1246039 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38213"
},
{
"cve": "CVE-2025-38214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38214",
"url": "https://www.suse.com/security/cve/CVE-2025-38214"
},
{
"category": "external",
"summary": "SUSE Bug 1246042 for CVE-2025-38214",
"url": "https://bugzilla.suse.com/1246042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38214"
},
{
"cve": "CVE-2025-38215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nEven though fbcon_init() checks beforehand if fb_match_mode() in\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\ndoes not return error code. Considering this and the comment in the code\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\nbetter to prevent registering the fb_info if its mode was not set\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38215",
"url": "https://www.suse.com/security/cve/CVE-2025-38215"
},
{
"category": "external",
"summary": "SUSE Bug 1246109 for CVE-2025-38215",
"url": "https://bugzilla.suse.com/1246109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38215"
},
{
"cve": "CVE-2025-38216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38216"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Restore context entry setup order for aliased devices\n\nCommit 2031c469f816 (\"iommu/vt-d: Add support for static identity domain\")\nchanged the context entry setup during domain attachment from a\nset-and-check policy to a clear-and-reset approach. This inadvertently\nintroduced a regression affecting PCI aliased devices behind PCIe-to-PCI\nbridges.\n\nSpecifically, keyboard and touchpad stopped working on several Apple\nMacbooks with below messages:\n\n kernel: platform pxa2xx-spi.3: Adding to iommu group 20\n kernel: input: Apple SPI Keyboard as\n /devices/pci0000:00/0000:00:1e.3/pxa2xx-spi.3/spi_master/spi2/spi-APP000D:00/input/input0\n kernel: DMAR: DRHD: handling fault status reg 3\n kernel: DMAR: [DMA Read NO_PASID] Request device [00:1e.3] fault addr\n 0xffffa000 [fault reason 0x06] PTE Read access is not set\n kernel: DMAR: DRHD: handling fault status reg 3\n kernel: DMAR: [DMA Read NO_PASID] Request device [00:1e.3] fault addr\n 0xffffa000 [fault reason 0x06] PTE Read access is not set\n kernel: applespi spi-APP000D:00: Error writing to device: 01 0e 00 00\n kernel: DMAR: DRHD: handling fault status reg 3\n kernel: DMAR: [DMA Read NO_PASID] Request device [00:1e.3] fault addr\n 0xffffa000 [fault reason 0x06] PTE Read access is not set\n kernel: DMAR: DRHD: handling fault status reg 3\n kernel: applespi spi-APP000D:00: Error writing to device: 01 0e 00 00\n\nFix this by restoring the previous context setup order.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38216",
"url": "https://www.suse.com/security/cve/CVE-2025-38216"
},
{
"category": "external",
"summary": "SUSE Bug 1245963 for CVE-2025-38216",
"url": "https://bugzilla.suse.com/1245963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38216"
},
{
"cve": "CVE-2025-38217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ftsteutates) Fix TOCTOU race in fts_read()\n\nIn the fts_read() function, when handling hwmon_pwm_auto_channels_temp,\nthe code accesses the shared variable data-\u003efan_source[channel] twice\nwithout holding any locks. It is first checked against\nFTS_FAN_SOURCE_INVALID, and if the check passes, it is read again\nwhen used as an argument to the BIT() macro.\n\nThis creates a Time-of-Check to Time-of-Use (TOCTOU) race condition.\nAnother thread executing fts_update_device() can modify the value of\ndata-\u003efan_source[channel] between the check and its use. If the value\nis changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the\nBIT() macro will be called with a large shift value (BIT(255)).\nA bit shift by a value greater than or equal to the type width is\nundefined behavior and can lead to a crash or incorrect values being\nreturned to userspace.\n\nFix this by reading data-\u003efan_source[channel] into a local variable\nonce, eliminating the race condition. Additionally, add a bounds check\nto ensure the value is less than BITS_PER_LONG before passing it to\nthe BIT() macro, making the code more robust against undefined behavior.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38217",
"url": "https://www.suse.com/security/cve/CVE-2025-38217"
},
{
"category": "external",
"summary": "SUSE Bug 1246002 for CVE-2025-38217",
"url": "https://bugzilla.suse.com/1246002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38217"
},
{
"cve": "CVE-2025-38220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: only dirty folios when data journaling regular files\n\nfstest generic/388 occasionally reproduces a crash that looks as\nfollows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCall Trace:\n \u003cTASK\u003e\n ext4_block_zero_page_range+0x30c/0x380 [ext4]\n ext4_truncate+0x436/0x440 [ext4]\n ext4_process_orphan+0x5d/0x110 [ext4]\n ext4_orphan_cleanup+0x124/0x4f0 [ext4]\n ext4_fill_super+0x262d/0x3110 [ext4]\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x26/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4ed/0x6b0\n do_syscall_64+0x82/0x170\n ...\n\nThis occurs when processing a symlink inode from the orphan list. The\npartial block zeroing code in the truncate path calls\next4_dirty_journalled_data() -\u003e folio_mark_dirty(). The latter calls\nmapping-\u003ea_ops-\u003edirty_folio(), but symlink inodes are not assigned an\na_ops vector in ext4, hence the crash.\n\nTo avoid this problem, update the ext4_dirty_journalled_data() helper to\nonly mark the folio dirty on regular files (for which a_ops is\nassigned). This also matches the journaling logic in the ext4_symlink()\ncreation path, where ext4_handle_dirty_metadata() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38220",
"url": "https://www.suse.com/security/cve/CVE-2025-38220"
},
{
"category": "external",
"summary": "SUSE Bug 1245966 for CVE-2025-38220",
"url": "https://bugzilla.suse.com/1245966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38220"
},
{
"cve": "CVE-2025-38222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: inline: fix len overflow in ext4_prepare_inline_data\n\nWhen running the following code on an ext4 filesystem with inline_data\nfeature enabled, it will lead to the bug below.\n\n fd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\n ftruncate(fd, 30);\n pwrite(fd, \"a\", 1, (1UL \u003c\u003c 40) + 5UL);\n\nThat happens because write_begin will succeed as when\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\ninstead of 0x10000000006.\n\nThen, later when write_end is called, we hit:\n\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nat ext4_write_inline_data.\n\nFix it by using a loff_t type for the len parameter in\next4_prepare_inline_data instead of an unsigned int.\n\n[ 44.545164] ------------[ cut here ]------------\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b \u003c0f\u003e 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\n[ 44.546523] PKRU: 55555554\n[ 44.546523] Call Trace:\n[ 44.546523] \u003cTASK\u003e\n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\n[ 44.546523] generic_perform_write+0x17e/0x270\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\n[ 44.546523] vfs_write+0x2be/0x3e0\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\n[ 44.546523] do_syscall_64+0x6a/0xf0\n[ 44.546523] ? __wake_up+0x89/0xb0\n[ 44.546523] ? xas_find+0x72/0x1c0\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\n[ 44.546523] ? set_pte_range+0x1a6/0x270\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\n[ 44.546523] ? do_pte_missing+0x128/0xf70\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\n[ 44.546523] ? do_syscall_64+0x76/0xf0\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 44.546523] RIP: 0033:0x7f42999c6687\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38222",
"url": "https://www.suse.com/security/cve/CVE-2025-38222"
},
{
"category": "external",
"summary": "SUSE Bug 1245976 for CVE-2025-38222",
"url": "https://bugzilla.suse.com/1245976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38222"
},
{
"cve": "CVE-2025-38224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: kvaser_pciefd: refine error prone echo_skb_max handling logic\n\necho_skb_max should define the supported upper limit of echo_skb[]\nallocated inside the netdevice\u0027s priv. The corresponding size value\nprovided by this driver to alloc_candev() is KVASER_PCIEFD_CAN_TX_MAX_COUNT\nwhich is 17.\n\nBut later echo_skb_max is rounded up to the nearest power of two (for the\nmax case, that would be 32) and the tx/ack indices calculated further\nduring tx/rx may exceed the upper array boundary. Kasan reported this for\nthe ack case inside kvaser_pciefd_handle_ack_packet(), though the xmit\nfunction has actually caught the same thing earlier.\n\n BUG: KASAN: slab-out-of-bounds in kvaser_pciefd_handle_ack_packet+0x2d7/0x92a drivers/net/can/kvaser_pciefd.c:1528\n Read of size 8 at addr ffff888105e4f078 by task swapper/4/0\n\n CPU: 4 UID: 0 PID: 0 Comm: swapper/4 Not tainted 6.15.0 #12 PREEMPT(voluntary)\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl lib/dump_stack.c:122\n print_report mm/kasan/report.c:521\n kasan_report mm/kasan/report.c:634\n kvaser_pciefd_handle_ack_packet drivers/net/can/kvaser_pciefd.c:1528\n kvaser_pciefd_read_packet drivers/net/can/kvaser_pciefd.c:1605\n kvaser_pciefd_read_buffer drivers/net/can/kvaser_pciefd.c:1656\n kvaser_pciefd_receive_irq drivers/net/can/kvaser_pciefd.c:1684\n kvaser_pciefd_irq_handler drivers/net/can/kvaser_pciefd.c:1733\n __handle_irq_event_percpu kernel/irq/handle.c:158\n handle_irq_event kernel/irq/handle.c:210\n handle_edge_irq kernel/irq/chip.c:833\n __common_interrupt arch/x86/kernel/irq.c:296\n common_interrupt arch/x86/kernel/irq.c:286\n \u003c/IRQ\u003e\n\nTx max count definitely matters for kvaser_pciefd_tx_avail(), but for seq\nnumbers\u0027 generation that\u0027s not the case - we\u0027re free to calculate them as\nwould be more convenient, not taking tx max count into account. The only\ndownside is that the size of echo_skb[] should correspond to the max seq\nnumber (not tx max count), so in some situations a bit more memory would\nbe consumed than could be.\n\nThus make the size of the underlying echo_skb[] sufficient for the rounded\nmax tx value.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38224",
"url": "https://www.suse.com/security/cve/CVE-2025-38224"
},
{
"category": "external",
"summary": "SUSE Bug 1246166 for CVE-2025-38224",
"url": "https://bugzilla.suse.com/1246166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38224"
},
{
"cve": "CVE-2025-38225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38225",
"url": "https://www.suse.com/security/cve/CVE-2025-38225"
},
{
"category": "external",
"summary": "SUSE Bug 1246041 for CVE-2025-38225",
"url": "https://bugzilla.suse.com/1246041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38225"
},
{
"cve": "CVE-2025-38226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vivid: Change the siize of the composing\n\nsyzkaller found a bug:\n\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\nWrite of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304\n\nCPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\n tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\n vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline]\n vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629\n vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767\n kthread+0x7a9/0x920 kernel/kthread.c:464\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe composition size cannot be larger than the size of fmt_cap_rect.\nSo execute v4l2_rect_map_inside() even if has_compose_cap == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38226",
"url": "https://www.suse.com/security/cve/CVE-2025-38226"
},
{
"category": "external",
"summary": "SUSE Bug 1246050 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "external",
"summary": "SUSE Bug 1246051 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38226"
},
{
"cve": "CVE-2025-38227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Terminating the subsequent process of initialization failure\n\nsyzbot reported a slab-use-after-free Read in vidtv_mux_init. [1]\n\nAfter PSI initialization fails, the si member is accessed again, resulting\nin this uaf.\n\nAfter si initialization fails, the subsequent process needs to be exited.\n\n[1]\nBUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline]\nBUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nRead of size 8 at addr ffff88802fa42acc by task syz.2.37/6059\n\nCPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xc3/0x670 mm/kasan/report.c:521\nkasan_report+0xd9/0x110 mm/kasan/report.c:634\nvidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78\nvidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nvidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\nvidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\ndmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\ndvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\ndvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\ndvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\ndvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\ndvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n__fput+0x3ff/0xb70 fs/file_table.c:464\ntask_work_run+0x14e/0x250 kernel/task_work.c:227\nexit_task_work include/linux/task_work.h:40 [inline]\ndo_exit+0xad8/0x2d70 kernel/exit.c:938\ndo_group_exit+0xd3/0x2a0 kernel/exit.c:1087\n__do_sys_exit_group kernel/exit.c:1098 [inline]\n__se_sys_exit_group kernel/exit.c:1096 [inline]\n__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096\nx64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f871d58d169\nCode: Unable to access opcode bytes at 0x7f871d58d13f.\nRSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169\nRDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0\nR10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003\nR13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840\n \u003c/TASK\u003e\n\nAllocated by task 6059:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970\n vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423\n vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519\n vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\n vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\n dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\n dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\n dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\n dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3ff/0xb70 fs/file_tabl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38227",
"url": "https://www.suse.com/security/cve/CVE-2025-38227"
},
{
"category": "external",
"summary": "SUSE Bug 1246031 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "external",
"summary": "SUSE Bug 1246032 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38227"
},
{
"cve": "CVE-2025-38228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38228"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imagination: fix a potential memory leak in e5010_probe()\n\nAdd video_device_release() to release the memory allocated by\nvideo_device_alloc() if something goes wrong.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38228",
"url": "https://www.suse.com/security/cve/CVE-2025-38228"
},
{
"category": "external",
"summary": "SUSE Bug 1245814 for CVE-2025-38228",
"url": "https://bugzilla.suse.com/1245814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38228"
},
{
"cve": "CVE-2025-38229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cxusb: no longer judge rbuf when the write fails\n\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\n\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\n\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\n cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\n i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\n i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\n i2c_master_send include/linux/i2c.h:109 [inline]\n i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\n do_loop_readv_writev fs/read_write.c:848 [inline]\n vfs_writev+0x963/0x14e0 fs/read_write.c:1057\n do_writev+0x247/0x5c0 fs/read_write.c:1101\n __do_sys_writev fs/read_write.c:1169 [inline]\n __se_sys_writev fs/read_write.c:1166 [inline]\n __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\n x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38229",
"url": "https://www.suse.com/security/cve/CVE-2025-38229"
},
{
"category": "external",
"summary": "SUSE Bug 1246049 for CVE-2025-38229",
"url": "https://bugzilla.suse.com/1246049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38229"
},
{
"cve": "CVE-2025-38231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38231",
"url": "https://www.suse.com/security/cve/CVE-2025-38231"
},
{
"category": "external",
"summary": "SUSE Bug 1246055 for CVE-2025-38231",
"url": "https://bugzilla.suse.com/1246055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38231"
},
{
"cve": "CVE-2025-38232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix race between nfsd registration and exports_proc\n\nAs of now nfsd calls create_proc_exports_entry() at start of init_nfsd\nand cleanup by remove_proc_entry() at last of exit_nfsd.\n\nWhich causes kernel OOPs if there is race between below 2 operations:\n(i) exportfs -r\n(ii) mount -t nfsd none /proc/fs/nfsd\n\nfor 5.4 kernel ARM64:\n\nCPU 1:\nel1_irq+0xbc/0x180\narch_counter_get_cntvct+0x14/0x18\nrunning_clock+0xc/0x18\npreempt_count_add+0x88/0x110\nprep_new_page+0xb0/0x220\nget_page_from_freelist+0x2d8/0x1778\n__alloc_pages_nodemask+0x15c/0xef0\n__vmalloc_node_range+0x28c/0x478\n__vmalloc_node_flags_caller+0x8c/0xb0\nkvmalloc_node+0x88/0xe0\nnfsd_init_net+0x6c/0x108 [nfsd]\nops_init+0x44/0x170\nregister_pernet_operations+0x114/0x270\nregister_pernet_subsys+0x34/0x50\ninit_nfsd+0xa8/0x718 [nfsd]\ndo_one_initcall+0x54/0x2e0\n\nCPU 2 :\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n\nPC is at : exports_net_open+0x50/0x68 [nfsd]\n\nCall trace:\nexports_net_open+0x50/0x68 [nfsd]\nexports_proc_open+0x2c/0x38 [nfsd]\nproc_reg_open+0xb8/0x198\ndo_dentry_open+0x1c4/0x418\nvfs_open+0x38/0x48\npath_openat+0x28c/0xf18\ndo_filp_open+0x70/0xe8\ndo_sys_open+0x154/0x248\n\nSometimes it crashes at exports_net_open() and sometimes cache_seq_next_rcu().\n\nand same is happening on latest 6.14 kernel as well:\n\n[ 0.000000] Linux version 6.14.0-rc5-next-20250304-dirty\n...\n[ 285.455918] Unable to handle kernel paging request at virtual address 00001f4800001f48\n...\n[ 285.464902] pc : cache_seq_next_rcu+0x78/0xa4\n...\n[ 285.469695] Call trace:\n[ 285.470083] cache_seq_next_rcu+0x78/0xa4 (P)\n[ 285.470488] seq_read+0xe0/0x11c\n[ 285.470675] proc_reg_read+0x9c/0xf0\n[ 285.470874] vfs_read+0xc4/0x2fc\n[ 285.471057] ksys_read+0x6c/0xf4\n[ 285.471231] __arm64_sys_read+0x1c/0x28\n[ 285.471428] invoke_syscall+0x44/0x100\n[ 285.471633] el0_svc_common.constprop.0+0x40/0xe0\n[ 285.471870] do_el0_svc_compat+0x1c/0x34\n[ 285.472073] el0_svc_compat+0x2c/0x80\n[ 285.472265] el0t_32_sync_handler+0x90/0x140\n[ 285.472473] el0t_32_sync+0x19c/0x1a0\n[ 285.472887] Code: f9400885 93407c23 937d7c27 11000421 (f86378a3)\n[ 285.473422] ---[ end trace 0000000000000000 ]---\n\nIt reproduced simply with below script:\nwhile [ 1 ]\ndo\n/exportfs -r\ndone \u0026\n\nwhile [ 1 ]\ndo\ninsmod /nfsd.ko\nmount -t nfsd none /proc/fs/nfsd\numount /proc/fs/nfsd\nrmmod nfsd\ndone \u0026\n\nSo exporting interfaces to user space shall be done at last and\ncleanup at first place.\n\nWith change there is no Kernel OOPs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38232",
"url": "https://www.suse.com/security/cve/CVE-2025-38232"
},
{
"category": "external",
"summary": "SUSE Bug 1246054 for CVE-2025-38232",
"url": "https://bugzilla.suse.com/1246054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38232"
},
{
"cve": "CVE-2025-38233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc64/ftrace: fix clobbered r15 during livepatching\n\nWhile r15 is clobbered always with PPC_FTRACE_OUT_OF_LINE, it is\nnot restored in livepatch sequence leading to not so obvious fails\nlike below:\n\n BUG: Unable to handle kernel data access on write at 0xc0000000000f9078\n Faulting instruction address: 0xc0000000018ff958\n Oops: Kernel access of bad area, sig: 11 [#1]\n ...\n NIP: c0000000018ff958 LR: c0000000018ff930 CTR: c0000000009c0790\n REGS: c00000005f2e7790 TRAP: 0300 Tainted: G K (6.14.0+)\n MSR: 8000000000009033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 2822880b XER: 20040000\n CFAR: c0000000008addc0 DAR: c0000000000f9078 DSISR: 0a000000 IRQMASK: 1\n GPR00: c0000000018f2584 c00000005f2e7a30 c00000000280a900 c000000017ffa488\n GPR04: 0000000000000008 0000000000000000 c0000000018f24fc 000000000000000d\n GPR08: fffffffffffe0000 000000000000000d 0000000000000000 0000000000008000\n GPR12: c0000000009c0790 c000000017ffa480 c00000005f2e7c78 c0000000000f9070\n GPR16: c00000005f2e7c90 0000000000000000 0000000000000000 0000000000000000\n GPR20: 0000000000000000 c00000005f3efa80 c00000005f2e7c60 c00000005f2e7c88\n GPR24: c00000005f2e7c60 0000000000000001 c0000000000f9078 0000000000000000\n GPR28: 00007fff97960000 c000000017ffa480 0000000000000000 c0000000000f9078\n ...\n Call Trace:\n check_heap_object+0x34/0x390 (unreliable)\n __mutex_unlock_slowpath.isra.0+0xe4/0x230\n seq_read_iter+0x430/0xa90\n proc_reg_read_iter+0xa4/0x200\n vfs_read+0x41c/0x510\n ksys_read+0xa4/0x190\n system_call_exception+0x1d0/0x440\n system_call_vectored_common+0x15c/0x2ec\n\nFix it by restoring r15 always.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38233",
"url": "https://www.suse.com/security/cve/CVE-2025-38233"
},
{
"category": "external",
"summary": "SUSE Bug 1246053 for CVE-2025-38233",
"url": "https://bugzilla.suse.com/1246053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38233"
},
{
"cve": "CVE-2025-38234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38234"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/rt: Fix race in push_rt_task\n\nOverview\n========\nWhen a CPU chooses to call push_rt_task and picks a task to push to\nanother CPU\u0027s runqueue then it will call find_lock_lowest_rq method\nwhich would take a double lock on both CPUs\u0027 runqueues. If one of the\nlocks aren\u0027t readily available, it may lead to dropping the current\nrunqueue lock and reacquiring both the locks at once. During this window\nit is possible that the task is already migrated and is running on some\nother CPU. These cases are already handled. However, if the task is\nmigrated and has already been executed and another CPU is now trying to\nwake it up (ttwu) such that it is queued again on the runqeue\n(on_rq is 1) and also if the task was run by the same CPU, then the\ncurrent checks will pass even though the task was migrated out and is no\nlonger in the pushable tasks list.\n\nCrashes\n=======\nThis bug resulted in quite a few flavors of crashes triggering kernel\npanics with various crash signatures such as assert failures, page\nfaults, null pointer dereferences, and queue corruption errors all\ncoming from scheduler itself.\n\nSome of the crashes:\n-\u003e kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx \u003e= MAX_RT_PRIO)\n Call Trace:\n ? __die_body+0x1a/0x60\n ? die+0x2a/0x50\n ? do_trap+0x85/0x100\n ? pick_next_task_rt+0x6e/0x1d0\n ? do_error_trap+0x64/0xa0\n ? pick_next_task_rt+0x6e/0x1d0\n ? exc_invalid_op+0x4c/0x60\n ? pick_next_task_rt+0x6e/0x1d0\n ? asm_exc_invalid_op+0x12/0x20\n ? pick_next_task_rt+0x6e/0x1d0\n __schedule+0x5cb/0x790\n ? update_ts_time_stats+0x55/0x70\n schedule_idle+0x1e/0x40\n do_idle+0x15e/0x200\n cpu_startup_entry+0x19/0x20\n start_secondary+0x117/0x160\n secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: kernel NULL pointer dereference, address: 00000000000000c0\n Call Trace:\n ? __die_body+0x1a/0x60\n ? no_context+0x183/0x350\n ? __warn+0x8a/0xe0\n ? exc_page_fault+0x3d6/0x520\n ? asm_exc_page_fault+0x1e/0x30\n ? pick_next_task_rt+0xb5/0x1d0\n ? pick_next_task_rt+0x8c/0x1d0\n __schedule+0x583/0x7e0\n ? update_ts_time_stats+0x55/0x70\n schedule_idle+0x1e/0x40\n do_idle+0x15e/0x200\n cpu_startup_entry+0x19/0x20\n start_secondary+0x117/0x160\n secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: unable to handle page fault for address: ffff9464daea5900\n kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq-\u003ecpu != task_cpu(p))\n\n-\u003e kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq-\u003enr_running)\n Call Trace:\n ? __die_body+0x1a/0x60\n ? die+0x2a/0x50\n ? do_trap+0x85/0x100\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? do_error_trap+0x64/0xa0\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? exc_invalid_op+0x4c/0x60\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? asm_exc_invalid_op+0x12/0x20\n ? dequeue_top_rt_rq+0xa2/0xb0\n dequeue_rt_entity+0x1f/0x70\n dequeue_task_rt+0x2d/0x70\n __schedule+0x1a8/0x7e0\n ? blk_finish_plug+0x25/0x40\n schedule+0x3c/0xb0\n futex_wait_queue_me+0xb6/0x120\n futex_wait+0xd9/0x240\n do_futex+0x344/0xa90\n ? get_mm_exe_file+0x30/0x60\n ? audit_exe_compare+0x58/0x70\n ? audit_filter_rules.constprop.26+0x65e/0x1220\n __x64_sys_futex+0x148/0x1f0\n do_syscall_64+0x30/0x80\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\n\n-\u003e BUG: unable to handle page fault for address: ffff8cf3608bc2c0\n Call Trace:\n ? __die_body+0x1a/0x60\n ? no_context+0x183/0x350\n ? spurious_kernel_fault+0x171/0x1c0\n ? exc_page_fault+0x3b6/0x520\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? asm_exc_page_fault+0x1e/0x30\n ? _cond_resched+0x15/0x30\n ? futex_wait_queue_me+0xc8/0x120\n ? futex_wait+0xd9/0x240\n ? try_to_wake_up+0x1b8/0x490\n ? futex_wake+0x78/0x160\n ? do_futex+0xcd/0xa90\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? plist_del+0x6a/0xd0\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? dequeue_pushable_task+0x20/0x70\n ? __schedule+0x382/0x7e0\n ? asm_sysvec_reschedule_i\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38234",
"url": "https://www.suse.com/security/cve/CVE-2025-38234"
},
{
"category": "external",
"summary": "SUSE Bug 1246057 for CVE-2025-38234",
"url": "https://bugzilla.suse.com/1246057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38234"
},
{
"cve": "CVE-2025-38242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38242"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: userfaultfd: fix race of userfaultfd_move and swap cache\n\nThis commit fixes two kinds of races, they may have different results:\n\nBarry reported a BUG_ON in commit c50f8e6053b0, we may see the same\nBUG_ON if the filemap lookup returned NULL and folio is added to swap\ncache after that.\n\nIf another kind of race is triggered (folio changed after lookup) we\nmay see RSS counter is corrupted:\n\n[ 406.893936] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0\ntype:MM_ANONPAGES val:-1\n[ 406.894071] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0\ntype:MM_SHMEMPAGES val:1\n\nBecause the folio is being accounted to the wrong VMA.\n\nI\u0027m not sure if there will be any data corruption though, seems no. \nThe issues above are critical already.\n\n\nOn seeing a swap entry PTE, userfaultfd_move does a lockless swap cache\nlookup, and tries to move the found folio to the faulting vma. Currently,\nit relies on checking the PTE value to ensure that the moved folio still\nbelongs to the src swap entry and that no new folio has been added to the\nswap cache, which turns out to be unreliable.\n\nWhile working and reviewing the swap table series with Barry, following\nexisting races are observed and reproduced [1]:\n\nIn the example below, move_pages_pte is moving src_pte to dst_pte, where\nsrc_pte is a swap entry PTE holding swap entry S1, and S1 is not in the\nswap cache:\n\nCPU1 CPU2\nuserfaultfd_move\n move_pages_pte()\n entry = pte_to_swp_entry(orig_src_pte);\n // Here it got entry = S1\n ... \u003c interrupted\u003e ...\n \u003cswapin src_pte, alloc and use folio A\u003e\n // folio A is a new allocated folio\n // and get installed into src_pte\n \u003cfrees swap entry S1\u003e\n // src_pte now points to folio A, S1\n // has swap count == 0, it can be freed\n // by folio_swap_swap or swap\n // allocator\u0027s reclaim.\n \u003ctry to swap out another folio B\u003e\n // folio B is a folio in another VMA.\n \u003cput folio B to swap cache using S1 \u003e\n // S1 is freed, folio B can use it\n // for swap out with no problem.\n ...\n folio = filemap_get_folio(S1)\n // Got folio B here !!!\n ... \u003c interrupted again\u003e ...\n \u003cswapin folio B and free S1\u003e\n // Now S1 is free to be used again.\n \u003cswapout src_pte \u0026 folio A using S1\u003e\n // Now src_pte is a swap entry PTE\n // holding S1 again.\n folio_trylock(folio)\n move_swap_pte\n double_pt_lock\n is_pte_pages_stable\n // Check passed because src_pte == S1\n folio_move_anon_rmap(...)\n // Moved invalid folio B here !!!\n\nThe race window is very short and requires multiple collisions of multiple\nrare events, so it\u0027s very unlikely to happen, but with a deliberately\nconstructed reproducer and increased time window, it can be reproduced\neasily.\n\nThis can be fixed by checking if the folio returned by filemap is the\nvalid swap cache folio after acquiring the folio lock.\n\nAnother similar race is possible: filemap_get_folio may return NULL, but\nfolio (A) could be swapped in and then swapped out again using the same\nswap entry after the lookup. In such a case, folio (A) may remain in the\nswap cache, so it must be moved too:\n\nCPU1 CPU2\nuserfaultfd_move\n move_pages_pte()\n entry = pte_to_swp_entry(orig_src_pte);\n // Here it got entry = S1, and S1 is not in swap cache\n folio = filemap_get\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38242",
"url": "https://www.suse.com/security/cve/CVE-2025-38242"
},
{
"category": "external",
"summary": "SUSE Bug 1246176 for CVE-2025-38242",
"url": "https://bugzilla.suse.com/1246176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38242"
},
{
"cve": "CVE-2025-38244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_setup_session+0x81/0x4b0\n cifs_get_smb_ses+0x771/0x900\n cifs_mount_get_session+0x7e/0x170\n cifs_mount+0x92/0x2d0\n cifs_smb3_do_mount+0x161/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_match_super+0x101/0x320\n sget+0xab/0x270\n cifs_smb3_do_mount+0x1e0/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #0 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}:\n check_noncircular+0x95/0xc0\n check_prev_add+0x115/0x2f0\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_signal_cifsd_for_reconnect+0x134/0x200\n __cifs_reconnect+0x8f/0x500\n cifs_handle_standard+0x112/0x280\n cifs_demultiplex_thread+0x64d/0xbc0\n kthread+0x2f7/0x310\n ret_from_fork+0x2a/0x230\n ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n \u0026tcp_ses-\u003esrv_lock --\u003e \u0026ret_buf-\u003eses_lock --\u003e \u0026ret_buf-\u003echan_lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026ret_buf-\u003eses_lock);\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026tcp_ses-\u003esrv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (\u0026cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38244",
"url": "https://www.suse.com/security/cve/CVE-2025-38244"
},
{
"category": "external",
"summary": "SUSE Bug 1246183 for CVE-2025-38244",
"url": "https://bugzilla.suse.com/1246183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38244"
},
{
"cve": "CVE-2025-38245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().\n\nsyzbot reported a warning below during atm_dev_register(). [0]\n\nBefore creating a new device and procfs/sysfs for it, atm_dev_register()\nlooks up a duplicated device by __atm_dev_lookup(). These operations are\ndone under atm_dev_mutex.\n\nHowever, when removing a device in atm_dev_deregister(), it releases the\nmutex just after removing the device from the list that __atm_dev_lookup()\niterates over.\n\nSo, there will be a small race window where the device does not exist on\nthe device list but procfs/sysfs are still not removed, triggering the\nsplat.\n\nLet\u0027s hold the mutex until procfs/sysfs are removed in\natm_dev_deregister().\n\n[0]:\nproc_dir_entry \u0027atm/atmtcp:0\u0027 already registered\nWARNING: CPU: 0 PID: 5919 at fs/proc/generic.c:377 proc_register+0x455/0x5f0 fs/proc/generic.c:377\nModules linked in:\nCPU: 0 UID: 0 PID: 5919 Comm: syz-executor284 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nRIP: 0010:proc_register+0x455/0x5f0 fs/proc/generic.c:377\nCode: 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 a2 01 00 00 48 8b 44 24 10 48 c7 c7 20 c0 c2 8b 48 8b b0 d8 00 00 00 e8 0c 02 1c ff 90 \u003c0f\u003e 0b 90 90 48 c7 c7 80 f2 82 8e e8 0b de 23 09 48 8b 4c 24 28 48\nRSP: 0018:ffffc9000466fa30 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae248\nRDX: ffff888026280000 RSI: ffffffff817ae255 RDI: 0000000000000001\nRBP: ffff8880232bed48 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: ffff888076ed2140\nR13: dffffc0000000000 R14: ffff888078a61340 R15: ffffed100edda444\nFS: 00007f38b3b0c6c0(0000) GS:ffff888124753000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f38b3bdf953 CR3: 0000000076d58000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n proc_create_data+0xbe/0x110 fs/proc/generic.c:585\n atm_proc_dev_register+0x112/0x1e0 net/atm/proc.c:361\n atm_dev_register+0x46d/0x890 net/atm/resources.c:113\n atmtcp_create+0x77/0x210 drivers/atm/atmtcp.c:369\n atmtcp_attach drivers/atm/atmtcp.c:403 [inline]\n atmtcp_ioctl+0x2f9/0xd60 drivers/atm/atmtcp.c:464\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x115/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f38b3b74459\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f38b3b0c198 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f38b3bfe318 RCX: 00007f38b3b74459\nRDX: 0000000000000000 RSI: 0000000000006180 RDI: 0000000000000005\nRBP: 00007f38b3bfe310 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f38b3bcb0ac\nR13: 00007f38b3b0c1a0 R14: 0000200000000200 R15: 00007f38b3bcb03b\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38245",
"url": "https://www.suse.com/security/cve/CVE-2025-38245"
},
{
"category": "external",
"summary": "SUSE Bug 1246193 for CVE-2025-38245",
"url": "https://bugzilla.suse.com/1246193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38245"
},
{
"cve": "CVE-2025-38246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: properly flush XDP redirect lists\n\nWe encountered following crash when testing a XDP_REDIRECT feature\nin production:\n\n[56251.579676] list_add corruption. next-\u003eprev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd\n40f30).\n[56251.601413] ------------[ cut here ]------------\n[56251.611357] kernel BUG at lib/list_debug.c:29!\n[56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[56251.632073] CPU: 111 UID: 0 PID: 0 Comm: swapper/111 Kdump: loaded Tainted: P O 6.12.33-cloudflare-2025.6.\n3 #1\n[56251.653155] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE\n[56251.663877] Hardware name: MiTAC GC68B-B8032-G11P6-GPU/S8032GM-HE-CFR, BIOS V7.020.B10-sig 01/22/2025\n[56251.682626] RIP: 0010:__list_add_valid_or_report+0x4b/0xa0\n[56251.693203] Code: 0e 48 c7 c7 68 e7 d9 97 e8 42 16 fe ff 0f 0b 48 8b 52 08 48 39 c2 74 14 48 89 f1 48 c7 c7 90 e7 d9 97 48\n 89 c6 e8 25 16 fe ff \u003c0f\u003e 0b 4c 8b 02 49 39 f0 74 14 48 89 d1 48 c7 c7 e8 e7 d9 97 4c 89\n[56251.725811] RSP: 0018:ffff93120dd40b80 EFLAGS: 00010246\n[56251.736094] RAX: 0000000000000075 RBX: ffffb301e6bba9d8 RCX: 0000000000000000\n[56251.748260] RDX: 0000000000000000 RSI: ffff9149afda0b80 RDI: ffff9149afda0b80\n[56251.760349] RBP: ffff9131e49c8000 R08: 0000000000000000 R09: ffff93120dd40a18\n[56251.772382] R10: ffff9159cf2ce1a8 R11: 0000000000000003 R12: ffff911a80850000\n[56251.784364] R13: ffff93120fbc7000 R14: 0000000000000010 R15: ffff9139e7510e40\n[56251.796278] FS: 0000000000000000(0000) GS:ffff9149afd80000(0000) knlGS:0000000000000000\n[56251.809133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[56251.819561] CR2: 00007f5e85e6f300 CR3: 00000038b85e2006 CR4: 0000000000770ef0\n[56251.831365] PKRU: 55555554\n[56251.838653] Call Trace:\n[56251.845560] \u003cIRQ\u003e\n[56251.851943] cpu_map_enqueue.cold+0x5/0xa\n[56251.860243] xdp_do_redirect+0x2d9/0x480\n[56251.868388] bnxt_rx_xdp+0x1d8/0x4c0 [bnxt_en]\n[56251.877028] bnxt_rx_pkt+0x5f7/0x19b0 [bnxt_en]\n[56251.885665] ? cpu_max_write+0x1e/0x100\n[56251.893510] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.902276] __bnxt_poll_work+0x190/0x340 [bnxt_en]\n[56251.911058] bnxt_poll+0xab/0x1b0 [bnxt_en]\n[56251.919041] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.927568] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.935958] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.944250] __napi_poll+0x2b/0x160\n[56251.951155] bpf_trampoline_6442548651+0x79/0x123\n[56251.959262] __napi_poll+0x5/0x160\n[56251.966037] net_rx_action+0x3d2/0x880\n[56251.973133] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.981265] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.989262] ? __hrtimer_run_queues+0x162/0x2a0\n[56251.996967] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.004875] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.012673] ? bnxt_msix+0x62/0x70 [bnxt_en]\n[56252.019903] handle_softirqs+0xcf/0x270\n[56252.026650] irq_exit_rcu+0x67/0x90\n[56252.032933] common_interrupt+0x85/0xa0\n[56252.039498] \u003c/IRQ\u003e\n[56252.044246] \u003cTASK\u003e\n[56252.048935] asm_common_interrupt+0x26/0x40\n[56252.055727] RIP: 0010:cpuidle_enter_state+0xb8/0x420\n[56252.063305] Code: dc 01 00 00 e8 f9 79 3b ff e8 64 f7 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 a5 32 3a ff 45 84 ff 0f 85 ae\n 01 00 00 fb 45 85 f6 \u003c0f\u003e 88 88 01 00 00 48 8b 04 24 49 63 ce 4c 89 ea 48 6b f1 68 48 29\n[56252.088911] RSP: 0018:ffff93120c97fe98 EFLAGS: 00000202\n[56252.096912] RAX: ffff9149afd80000 RBX: ffff9141d3a72800 RCX: 0000000000000000\n[56252.106844] RDX: 00003329176c6b98 RSI: ffffffe36db3fdc7 RDI: 0000000000000000\n[56252.116733] RBP: 0000000000000002 R08: 0000000000000002 R09: 000000000000004e\n[56252.126652] R10: ffff9149afdb30c4 R11: 071c71c71c71c71c R12: ffffffff985ff860\n[56252.136637] R13: 00003329176c6b98 R14: 0000000000000002 R15: 0000000000000000\n[56252.146667] ? cpuidle_enter_state+0xab/0x420\n[56252.153909] cpuidle_enter+0x2d/0x40\n[56252.160360] do_idle+0x176/0x1c0\n[56252.166456\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38246",
"url": "https://www.suse.com/security/cve/CVE-2025-38246"
},
{
"category": "external",
"summary": "SUSE Bug 1246195 for CVE-2025-38246",
"url": "https://bugzilla.suse.com/1246195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38246"
},
{
"cve": "CVE-2025-38249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\n\nIn snd_usb_get_audioformat_uac3(), the length value returned from\nsnd_usb_ctl_msg() is used directly for memory allocation without\nvalidation. This length is controlled by the USB device.\n\nThe allocated buffer is cast to a uac3_cluster_header_descriptor\nand its fields are accessed without verifying that the buffer\nis large enough. If the device returns a smaller than expected\nlength, this leads to an out-of-bounds read.\n\nAdd a length check to ensure the buffer is large enough for\nuac3_cluster_header_descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38249",
"url": "https://www.suse.com/security/cve/CVE-2025-38249"
},
{
"category": "external",
"summary": "SUSE Bug 1246171 for CVE-2025-38249",
"url": "https://bugzilla.suse.com/1246171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38249"
},
{
"cve": "CVE-2025-38251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: prevent NULL deref in clip_push()\n\nBlamed commit missed that vcc_destroy_socket() calls\nclip_push() with a NULL skb.\n\nIf clip_devs is NULL, clip_push() then crashes when reading\nskb-\u003etruesize.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38251",
"url": "https://www.suse.com/security/cve/CVE-2025-38251"
},
{
"category": "external",
"summary": "SUSE Bug 1246181 for CVE-2025-38251",
"url": "https://bugzilla.suse.com/1246181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38251"
},
{
"cve": "CVE-2025-38253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: wacom: fix crash in wacom_aes_battery_handler()\n\nCommit fd2a9b29dc9c (\"HID: wacom: Remove AES power_supply after extended\ninactivity\") introduced wacom_aes_battery_handler() which is scheduled\nas a delayed work (aes_battery_work).\n\nIn wacom_remove(), aes_battery_work is not canceled. Consequently, if\nthe device is removed while aes_battery_work is still pending, then hard\ncrashes or \"Oops: general protection fault...\" are experienced when\nwacom_aes_battery_handler() is finally called. E.g., this happens with\nbuilt-in USB devices after resume from hibernate when aes_battery_work\nwas still pending at the time of hibernation.\n\nSo, take care to cancel aes_battery_work in wacom_remove().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38253",
"url": "https://www.suse.com/security/cve/CVE-2025-38253"
},
{
"category": "external",
"summary": "SUSE Bug 1246192 for CVE-2025-38253",
"url": "https://bugzilla.suse.com/1246192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38253"
},
{
"cve": "CVE-2025-38255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/group_cpus: fix NULL pointer dereference from group_cpus_evenly()\n\nWhile testing null_blk with configfs, echo 0 \u003e poll_queues will trigger\nfollowing panic:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 27 UID: 0 PID: 920 Comm: bash Not tainted 6.15.0-02023-gadbdb95c8696-dirty #1238 PREEMPT(undef)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\nRIP: 0010:__bitmap_or+0x48/0x70\nCall Trace:\n \u003cTASK\u003e\n __group_cpus_evenly+0x822/0x8c0\n group_cpus_evenly+0x2d9/0x490\n blk_mq_map_queues+0x1e/0x110\n null_map_queues+0xc9/0x170 [null_blk]\n blk_mq_update_queue_map+0xdb/0x160\n blk_mq_update_nr_hw_queues+0x22b/0x560\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_poll_queues_store+0xa4/0x130 [null_blk]\n configfs_write_iter+0x109/0x1d0\n vfs_write+0x26e/0x6f0\n ksys_write+0x79/0x180\n __x64_sys_write+0x1d/0x30\n x64_sys_call+0x45c4/0x45f0\n do_syscall_64+0xa5/0x240\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nRoot cause is that numgrps is set to 0, and ZERO_SIZE_PTR is returned from\nkcalloc(), and later ZERO_SIZE_PTR will be deferenced.\n\nFix the problem by checking numgrps first in group_cpus_evenly(), and\nreturn NULL directly if numgrps is zero.\n\n[yukuai3@huawei.com: also fix the non-SMP version]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38255",
"url": "https://www.suse.com/security/cve/CVE-2025-38255"
},
{
"category": "external",
"summary": "SUSE Bug 1246190 for CVE-2025-38255",
"url": "https://bugzilla.suse.com/1246190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38255"
},
{
"cve": "CVE-2025-38256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38256"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: fix folio unpinning\n\nsyzbot complains about an unmapping failure:\n\n[ 108.070381][ T14] kernel BUG at mm/gup.c:71!\n[ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 108.123672][ T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025\n[ 108.127458][ T14] Workqueue: iou_exit io_ring_exit_work\n[ 108.174205][ T14] Call trace:\n[ 108.175649][ T14] sanity_check_pinned_pages+0x7cc/0x7d0 (P)\n[ 108.178138][ T14] unpin_user_page+0x80/0x10c\n[ 108.180189][ T14] io_release_ubuf+0x84/0xf8\n[ 108.182196][ T14] io_free_rsrc_node+0x250/0x57c\n[ 108.184345][ T14] io_rsrc_data_free+0x148/0x298\n[ 108.186493][ T14] io_sqe_buffers_unregister+0x84/0xa0\n[ 108.188991][ T14] io_ring_ctx_free+0x48/0x480\n[ 108.191057][ T14] io_ring_exit_work+0x764/0x7d8\n[ 108.193207][ T14] process_one_work+0x7e8/0x155c\n[ 108.195431][ T14] worker_thread+0x958/0xed8\n[ 108.197561][ T14] kthread+0x5fc/0x75c\n[ 108.199362][ T14] ret_from_fork+0x10/0x20\n\nWe can pin a tail page of a folio, but then io_uring will try to unpin\nthe head page of the folio. While it should be fine in terms of keeping\nthe page actually alive, mm folks say it\u0027s wrong and triggers a debug\nwarning. Use unpin_user_folio() instead of unpin_user_page*.\n\n[axboe: adapt to current tree, massage commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38256",
"url": "https://www.suse.com/security/cve/CVE-2025-38256"
},
{
"category": "external",
"summary": "SUSE Bug 1246188 for CVE-2025-38256",
"url": "https://bugzilla.suse.com/1246188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38256"
},
{
"cve": "CVE-2025-38257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38257",
"url": "https://www.suse.com/security/cve/CVE-2025-38257"
},
{
"category": "external",
"summary": "SUSE Bug 1246186 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "external",
"summary": "SUSE Bug 1246189 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38257"
},
{
"cve": "CVE-2025-38258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter-\u003ememcg_path on write\n\nmemcg_path_store() assigns a newly allocated memory buffer to\nfilter-\u003ememcg_path, without deallocating the previously allocated and\nassigned memory buffer. As a result, users can leak kernel memory by\ncontinuously writing a data to memcg_path DAMOS sysfs file. Fix the leak\nby deallocating the previously set memory buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38258",
"url": "https://www.suse.com/security/cve/CVE-2025-38258"
},
{
"category": "external",
"summary": "SUSE Bug 1246185 for CVE-2025-38258",
"url": "https://bugzilla.suse.com/1246185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38258"
},
{
"cve": "CVE-2025-38259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback). This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38259",
"url": "https://www.suse.com/security/cve/CVE-2025-38259"
},
{
"category": "external",
"summary": "SUSE Bug 1246220 for CVE-2025-38259",
"url": "https://bugzilla.suse.com/1246220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38259"
},
{
"cve": "CVE-2025-38263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38263"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: fix NULL pointer in cache_set_flush()\n\n1. LINE#1794 - LINE#1887 is some codes about function of\n bch_cache_set_alloc().\n2. LINE#2078 - LINE#2142 is some codes about function of\n register_cache_set().\n3. register_cache_set() will call bch_cache_set_alloc() in LINE#2098.\n\n 1794 struct cache_set *bch_cache_set_alloc(struct cache_sb *sb)\n 1795 {\n ...\n 1860 if (!(c-\u003edevices = kcalloc(c-\u003enr_uuids, sizeof(void *), GFP_KERNEL)) ||\n 1861 mempool_init_slab_pool(\u0026c-\u003esearch, 32, bch_search_cache) ||\n 1862 mempool_init_kmalloc_pool(\u0026c-\u003ebio_meta, 2,\n 1863 sizeof(struct bbio) + sizeof(struct bio_vec) *\n 1864 bucket_pages(c)) ||\n 1865 mempool_init_kmalloc_pool(\u0026c-\u003efill_iter, 1, iter_size) ||\n 1866 bioset_init(\u0026c-\u003ebio_split, 4, offsetof(struct bbio, bio),\n 1867 BIOSET_NEED_BVECS|BIOSET_NEED_RESCUER) ||\n 1868 !(c-\u003euuids = alloc_bucket_pages(GFP_KERNEL, c)) ||\n 1869 !(c-\u003emoving_gc_wq = alloc_workqueue(\"bcache_gc\",\n 1870 WQ_MEM_RECLAIM, 0)) ||\n 1871 bch_journal_alloc(c) ||\n 1872 bch_btree_cache_alloc(c) ||\n 1873 bch_open_buckets_alloc(c) ||\n 1874 bch_bset_sort_state_init(\u0026c-\u003esort, ilog2(c-\u003ebtree_pages)))\n 1875 goto err;\n ^^^^^^^^\n 1876\n ...\n 1883 return c;\n 1884 err:\n 1885 bch_cache_set_unregister(c);\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n 1886 return NULL;\n 1887 }\n ...\n 2078 static const char *register_cache_set(struct cache *ca)\n 2079 {\n ...\n 2098 c = bch_cache_set_alloc(\u0026ca-\u003esb);\n 2099 if (!c)\n 2100 return err;\n ^^^^^^^^^^\n ...\n 2128 ca-\u003eset = c;\n 2129 ca-\u003eset-\u003ecache[ca-\u003esb.nr_this_dev] = ca;\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n ...\n 2138 return NULL;\n 2139 err:\n 2140 bch_cache_set_unregister(c);\n 2141 return err;\n 2142 }\n\n(1) If LINE#1860 - LINE#1874 is true, then do \u0027goto err\u0027(LINE#1875) and\n call bch_cache_set_unregister()(LINE#1885).\n(2) As (1) return NULL(LINE#1886), LINE#2098 - LINE#2100 would return.\n(3) As (2) has returned, LINE#2128 - LINE#2129 would do *not* give the\n value to c-\u003ecache[], it means that c-\u003ecache[] is NULL.\n\nLINE#1624 - LINE#1665 is some codes about function of cache_set_flush().\nAs (1), in LINE#1885 call\nbch_cache_set_unregister()\n---\u003e bch_cache_set_stop()\n ---\u003e closure_queue()\n -.-\u003e cache_set_flush() (as below LINE#1624)\n\n 1624 static void cache_set_flush(struct closure *cl)\n 1625 {\n ...\n 1654 for_each_cache(ca, c, i)\n 1655 if (ca-\u003ealloc_thread)\n ^^\n 1656 kthread_stop(ca-\u003ealloc_thread);\n ...\n 1665 }\n\n(4) In LINE#1655 ca is NULL(see (3)) in cache_set_flush() then the\n kernel crash occurred as below:\n[ 846.712887] bcache: register_cache() error drbd6: cannot allocate memory\n[ 846.713242] bcache: register_bcache() error : failed to register device\n[ 846.713336] bcache: cache_set_free() Cache set 2f84bdc1-498a-4f2f-98a7-01946bf54287 unregistered\n[ 846.713768] BUG: unable to handle kernel NULL pointer dereference at 00000000000009f8\n[ 846.714790] PGD 0 P4D 0\n[ 846.715129] Oops: 0000 [#1] SMP PTI\n[ 846.715472] CPU: 19 PID: 5057 Comm: kworker/19:16 Kdump: loaded Tainted: G OE --------- - - 4.18.0-147.5.1.el8_1.5es.3.x86_64 #1\n[ 846.716082] Hardware name: ESPAN GI-25212/X11DPL-i, BIOS 2.1 06/15/2018\n[ 846.716451] Workqueue: events cache_set_flush [bcache]\n[ 846.716808] RIP: 0010:cache_set_flush+0xc9/0x1b0 [bcache]\n[ 846.717155] Code: 00 4c 89 a5 b0 03 00 00 48 8b 85 68 f6 ff ff a8 08 0f 84 88 00 00 00 31 db 66 83 bd 3c f7 ff ff 00 48 8b 85 48 ff ff ff 74 28 \u003c48\u003e 8b b8 f8 09 00 0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38263",
"url": "https://www.suse.com/security/cve/CVE-2025-38263"
},
{
"category": "external",
"summary": "SUSE Bug 1246248 for CVE-2025-38263",
"url": "https://bugzilla.suse.com/1246248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38263"
},
{
"cve": "CVE-2025-38265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38265"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: jsm: fix NPE during jsm_uart_port_init\n\nNo device was set which caused serial_base_ctrl_add to crash.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000050\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1\n RIP: 0010:serial_base_ctrl_add+0x96/0x120\n Call Trace:\n \u003cTASK\u003e\n serial_core_register_port+0x1a0/0x580\n ? __setup_irq+0x39c/0x660\n ? __kmalloc_cache_noprof+0x111/0x310\n jsm_uart_port_init+0xe8/0x180 [jsm]\n jsm_probe_one+0x1f4/0x410 [jsm]\n local_pci_probe+0x42/0x90\n pci_device_probe+0x22f/0x270\n really_probe+0xdb/0x340\n ? pm_runtime_barrier+0x54/0x90\n ? __pfx___driver_attach+0x10/0x10\n __driver_probe_device+0x78/0x110\n driver_probe_device+0x1f/0xa0\n __driver_attach+0xba/0x1c0\n bus_for_each_dev+0x8c/0xe0\n bus_add_driver+0x112/0x1f0\n driver_register+0x72/0xd0\n jsm_init_module+0x36/0xff0 [jsm]\n ? __pfx_jsm_init_module+0x10/0x10 [jsm]\n do_one_initcall+0x58/0x310\n do_init_module+0x60/0x230\n\nTested with Digi Neo PCIe 8 port card.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38265",
"url": "https://www.suse.com/security/cve/CVE-2025-38265"
},
{
"category": "external",
"summary": "SUSE Bug 1246244 for CVE-2025-38265",
"url": "https://bugzilla.suse.com/1246244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38265"
},
{
"cve": "CVE-2025-38267",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38267"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not trigger WARN_ON() due to a commit_overrun\n\nWhen reading a memory mapped buffer the reader page is just swapped out\nwith the last page written in the write buffer. If the reader page is the\nsame as the commit buffer (the buffer that is currently being written to)\nit was assumed that it should never have missed events. If it does, it\ntriggers a WARN_ON_ONCE().\n\nBut there just happens to be one scenario where this can legitimately\nhappen. That is on a commit_overrun. A commit overrun is when an interrupt\npreempts an event being written to the buffer and then the interrupt adds\nso many new events that it fills and wraps the buffer back to the commit.\nAny new events would then be dropped and be reported as \"missed_events\".\n\nIn this case, the next page to read is the commit buffer and after the\nswap of the reader page, the reader page will be the commit buffer, but\nthis time there will be missed events and this triggers the following\nwarning:\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 1127 at kernel/trace/ring_buffer.c:7357 ring_buffer_map_get_reader+0x49a/0x780\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 2 UID: 0 PID: 1127 Comm: trace-cmd Not tainted 6.15.0-rc7-test-00004-g478bc2824b45-dirty #564 PREEMPT\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:ring_buffer_map_get_reader+0x49a/0x780\n Code: 00 00 00 48 89 fe 48 c1 ee 03 80 3c 2e 00 0f 85 ec 01 00 00 4d 3b a6 a8 00 00 00 0f 85 8a fd ff ff 48 85 c0 0f 84 55 fe ff ff \u003c0f\u003e 0b e9 4e fe ff ff be 08 00 00 00 4c 89 54 24 58 48 89 54 24 50\n RSP: 0018:ffff888121787dc0 EFLAGS: 00010002\n RAX: 00000000000006a2 RBX: ffff888100062800 RCX: ffffffff8190cb49\n RDX: ffff888126934c00 RSI: 1ffff11020200a15 RDI: ffff8881010050a8\n RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed1024d26982\n R10: ffff888126934c17 R11: ffff8881010050a8 R12: ffff888126934c00\n R13: ffff8881010050b8 R14: ffff888101005000 R15: ffff888126930008\n FS: 00007f95c8cd7540(0000) GS:ffff8882b576e000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f95c8de4dc0 CR3: 0000000128452002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __pfx_ring_buffer_map_get_reader+0x10/0x10\n tracing_buffers_ioctl+0x283/0x370\n __x64_sys_ioctl+0x134/0x190\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f95c8de48db\n Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 \u003c89\u003e c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00\n RSP: 002b:00007ffe037ba110 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 00007ffe037bb2b0 RCX: 00007f95c8de48db\n RDX: 0000000000000000 RSI: 0000000000005220 RDI: 0000000000000006\n RBP: 00007ffe037ba180 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007ffe037bb6f8 R14: 00007f95c9065000 R15: 00005575c7492c90\n \u003c/TASK\u003e\n irq event stamp: 5080\n hardirqs last enabled at (5079): [\u003cffffffff83e0adb0\u003e] _raw_spin_unlock_irqrestore+0x50/0x70\n hardirqs last disabled at (5080): [\u003cffffffff83e0aa83\u003e] _raw_spin_lock_irqsave+0x63/0x70\n softirqs last enabled at (4182): [\u003cffffffff81516122\u003e] handle_softirqs+0x552/0x710\n softirqs last disabled at (4159): [\u003cffffffff815163f7\u003e] __irq_exit_rcu+0x107/0x210\n ---[ end trace 0000000000000000 ]---\n\nThe above was triggered by running on a kernel with both lockdep and KASAN\nas well as kmemleak enabled and executing the following command:\n\n # perf record -o perf-test.dat -a -- trace-cmd record --nosplice -e all -p function hackbench 50\n\nWith perf interjecting a lot of interrupts and trace-cmd enabling all\nevents as well as function tracing, with lockdep, KASAN and kmemleak\nenabled, it could cause an interrupt preempting an event being written to\nadd enough event\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38267",
"url": "https://www.suse.com/security/cve/CVE-2025-38267"
},
{
"category": "external",
"summary": "SUSE Bug 1246245 for CVE-2025-38267",
"url": "https://bugzilla.suse.com/1246245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38267"
},
{
"cve": "CVE-2025-38268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work\n\nA state check was previously added to tcpm_queue_vdm_unlocked to\nprevent a deadlock where the DisplayPort Alt Mode driver would be\nexecuting work and attempting to grab the tcpm_lock while the TCPM\nwas holding the lock and attempting to unregister the altmode, blocking\non the altmode driver\u0027s cancel_work_sync call.\n\nBecause the state check isn\u0027t protected, there is a small window\nwhere the Alt Mode driver could determine that the TCPM is\nin a ready state and attempt to grab the lock while the\nTCPM grabs the lock and changes the TCPM state to one that\ncauses the deadlock. The callstack is provided below:\n\n[110121.667392][ C7] Call trace:\n[110121.667396][ C7] __switch_to+0x174/0x338\n[110121.667406][ C7] __schedule+0x608/0x9f0\n[110121.667414][ C7] schedule+0x7c/0xe8\n[110121.667423][ C7] kernfs_drain+0xb0/0x114\n[110121.667431][ C7] __kernfs_remove+0x16c/0x20c\n[110121.667436][ C7] kernfs_remove_by_name_ns+0x74/0xe8\n[110121.667442][ C7] sysfs_remove_group+0x84/0xe8\n[110121.667450][ C7] sysfs_remove_groups+0x34/0x58\n[110121.667458][ C7] device_remove_groups+0x10/0x20\n[110121.667464][ C7] device_release_driver_internal+0x164/0x2e4\n[110121.667475][ C7] device_release_driver+0x18/0x28\n[110121.667484][ C7] bus_remove_device+0xec/0x118\n[110121.667491][ C7] device_del+0x1e8/0x4ac\n[110121.667498][ C7] device_unregister+0x18/0x38\n[110121.667504][ C7] typec_unregister_altmode+0x30/0x44\n[110121.667515][ C7] tcpm_reset_port+0xac/0x370\n[110121.667523][ C7] tcpm_snk_detach+0x84/0xb8\n[110121.667529][ C7] run_state_machine+0x4c0/0x1b68\n[110121.667536][ C7] tcpm_state_machine_work+0x94/0xe4\n[110121.667544][ C7] kthread_worker_fn+0x10c/0x244\n[110121.667552][ C7] kthread+0x104/0x1d4\n[110121.667557][ C7] ret_from_fork+0x10/0x20\n\n[110121.667689][ C7] Workqueue: events dp_altmode_work\n[110121.667697][ C7] Call trace:\n[110121.667701][ C7] __switch_to+0x174/0x338\n[110121.667710][ C7] __schedule+0x608/0x9f0\n[110121.667717][ C7] schedule+0x7c/0xe8\n[110121.667725][ C7] schedule_preempt_disabled+0x24/0x40\n[110121.667733][ C7] __mutex_lock+0x408/0xdac\n[110121.667741][ C7] __mutex_lock_slowpath+0x14/0x24\n[110121.667748][ C7] mutex_lock+0x40/0xec\n[110121.667757][ C7] tcpm_altmode_enter+0x78/0xb4\n[110121.667764][ C7] typec_altmode_enter+0xdc/0x10c\n[110121.667769][ C7] dp_altmode_work+0x68/0x164\n[110121.667775][ C7] process_one_work+0x1e4/0x43c\n[110121.667783][ C7] worker_thread+0x25c/0x430\n[110121.667789][ C7] kthread+0x104/0x1d4\n[110121.667794][ C7] ret_from_fork+0x10/0x20\n\nChange tcpm_queue_vdm_unlocked to queue for tcpm_queue_vdm_work,\nwhich can perform the state check while holding the TCPM lock\nwhile the Alt Mode lock is no longer held. This requires a new\nstruct to hold the vdm data, altmode_vdm_event.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38268",
"url": "https://www.suse.com/security/cve/CVE-2025-38268"
},
{
"category": "external",
"summary": "SUSE Bug 1246385 for CVE-2025-38268",
"url": "https://bugzilla.suse.com/1246385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38268"
},
{
"cve": "CVE-2025-38270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: drv: netdevsim: don\u0027t napi_complete() from netpoll\n\nnetdevsim supports netpoll. Make sure we don\u0027t call napi_complete()\nfrom it, since it may not be scheduled. Breno reports hitting a\nwarning in napi_complete_done():\n\nWARNING: CPU: 14 PID: 104 at net/core/dev.c:6592 napi_complete_done+0x2cc/0x560\n __napi_poll+0x2d8/0x3a0\n handle_softirqs+0x1fe/0x710\n\nThis is presumably after netpoll stole the SCHED bit prematurely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38270",
"url": "https://www.suse.com/security/cve/CVE-2025-38270"
},
{
"category": "external",
"summary": "SUSE Bug 1246252 for CVE-2025-38270",
"url": "https://bugzilla.suse.com/1246252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38270"
},
{
"cve": "CVE-2025-38272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38272",
"url": "https://www.suse.com/security/cve/CVE-2025-38272"
},
{
"category": "external",
"summary": "SUSE Bug 1246268 for CVE-2025-38272",
"url": "https://bugzilla.suse.com/1246268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38272"
},
{
"cve": "CVE-2025-38273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tipc: fix refcount warning in tipc_aead_encrypt\n\nsyzbot reported a refcount warning [1] caused by calling get_net() on\na network namespace that is being destroyed (refcount=0). This happens\nwhen a TIPC discovery timer fires during network namespace cleanup.\n\nThe recently added get_net() call in commit e279024617134 (\"net/tipc:\nfix slab-use-after-free Read in tipc_aead_encrypt_done\") attempts to\nhold a reference to the network namespace. However, if the namespace\nis already being destroyed, its refcount might be zero, leading to the\nuse-after-free warning.\n\nReplace get_net() with maybe_get_net(), which safely checks if the\nrefcount is non-zero before incrementing it. If the namespace is being\ndestroyed, return -ENODEV early, after releasing the bearer reference.\n\n[1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38273",
"url": "https://www.suse.com/security/cve/CVE-2025-38273"
},
{
"category": "external",
"summary": "SUSE Bug 1246266 for CVE-2025-38273",
"url": "https://bugzilla.suse.com/1246266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38273"
},
{
"cve": "CVE-2025-38274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()\n\nfpga_mgr_test_img_load_sgt() allocates memory for sgt using\nkunit_kzalloc() however it does not check if the allocation failed.\nIt then passes sgt to sg_alloc_table(), which passes it to\n__sg_alloc_table(). This function calls memset() on sgt in an attempt to\nzero it out. If the allocation fails then sgt will be NULL and the\nmemset will trigger a NULL pointer dereference.\n\nFix this by checking the allocation with KUNIT_ASSERT_NOT_ERR_OR_NULL().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38274",
"url": "https://www.suse.com/security/cve/CVE-2025-38274"
},
{
"category": "external",
"summary": "SUSE Bug 1246234 for CVE-2025-38274",
"url": "https://bugzilla.suse.com/1246234"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38274"
},
{
"cve": "CVE-2025-38275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38275",
"url": "https://www.suse.com/security/cve/CVE-2025-38275"
},
{
"category": "external",
"summary": "SUSE Bug 1246236 for CVE-2025-38275",
"url": "https://bugzilla.suse.com/1246236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38275"
},
{
"cve": "CVE-2025-38277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: nand: ecc-mxic: Fix use of uninitialized variable ret\n\nIf ctx-\u003esteps is zero, the loop processing ECC steps is skipped,\nand the variable ret remains uninitialized. It is later checked\nand returned, which leads to undefined behavior and may cause\nunpredictable results in user space or kernel crashes.\n\nThis scenario can be triggered in edge cases such as misconfigured\ngeometry, ECC engine misuse, or if ctx-\u003esteps is not validated\nafter initialization.\n\nInitialize ret to zero before the loop to ensure correct and safe\nbehavior regardless of the ctx-\u003esteps value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38277",
"url": "https://www.suse.com/security/cve/CVE-2025-38277"
},
{
"category": "external",
"summary": "SUSE Bug 1246246 for CVE-2025-38277",
"url": "https://bugzilla.suse.com/1246246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38277"
},
{
"cve": "CVE-2025-38278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback\n\nThis patch addresses below issues,\n\n1. Active traffic on the leaf node must be stopped before its send queue\n is reassigned to the parent. This patch resolves the issue by marking\n the node as \u0027Inner\u0027.\n\n2. During a system reboot, the interface receives TC_HTB_LEAF_DEL\n and TC_HTB_LEAF_DEL_LAST callbacks to delete its HTB queues.\n In the case of TC_HTB_LEAF_DEL_LAST, although the same send queue\n is reassigned to the parent, the current logic still attempts to update\n the real number of queues, leadning to below warnings\n\n New queues can\u0027t be registered after device unregistration.\n WARNING: CPU: 0 PID: 6475 at net/core/net-sysfs.c:1714\n netdev_queue_update_kobjects+0x1e4/0x200",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38278",
"url": "https://www.suse.com/security/cve/CVE-2025-38278"
},
{
"category": "external",
"summary": "SUSE Bug 1246255 for CVE-2025-38278",
"url": "https://bugzilla.suse.com/1246255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38278"
},
{
"cve": "CVE-2025-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: at91: Fix possible out-of-boundary access\n\nat91_gpio_probe() doesn\u0027t check that given OF alias is not available or\nsomething went wrong when trying to get it. This might have consequences\nwhen accessing gpio_chips array with that value as an index. Note, that\nBUG() can be compiled out and hence won\u0027t actually perform the required\nchecks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38286",
"url": "https://www.suse.com/security/cve/CVE-2025-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1246283 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "external",
"summary": "SUSE Bug 1246284 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38286"
},
{
"cve": "CVE-2025-38287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/cm: Drop lockdep assert and WARN when freeing old msg\n\nThe send completion handler can run after cm_id has advanced to another\nmessage. The cm_id lock is not needed in this case, but a recent change\nre-used cm_free_priv_msg(), which asserts that the lock is held and\nWARNs if the cm_id\u0027s currently outstanding msg is different than the one\nbeing freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38287",
"url": "https://www.suse.com/security/cve/CVE-2025-38287"
},
{
"category": "external",
"summary": "SUSE Bug 1246285 for CVE-2025-38287",
"url": "https://bugzilla.suse.com/1246285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38287"
},
{
"cve": "CVE-2025-38288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels\n\nCorrect kernel call trace when calling smp_processor_id() when called in\npreemptible kernels by using raw_smp_processor_id().\n\nsmp_processor_id() checks to see if preemption is disabled and if not,\nissue an error message followed by a call to dump_stack().\n\nBrief example of call trace:\nkernel: check_preemption_disabled: 436 callbacks suppressed\nkernel: BUG: using smp_processor_id() in preemptible [00000000]\n code: kworker/u1025:0/2354\nkernel: caller is pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: CPU: 129 PID: 2354 Comm: kworker/u1025:0\nkernel: ...\nkernel: Workqueue: writeback wb_workfn (flush-253:0)\nkernel: Call Trace:\nkernel: \u003cTASK\u003e\nkernel: dump_stack_lvl+0x34/0x48\nkernel: check_preemption_disabled+0xdd/0xe0\nkernel: pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38288",
"url": "https://www.suse.com/security/cve/CVE-2025-38288"
},
{
"category": "external",
"summary": "SUSE Bug 1246286 for CVE-2025-38288",
"url": "https://bugzilla.suse.com/1246286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38288"
},
{
"cve": "CVE-2025-38289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38289",
"url": "https://www.suse.com/security/cve/CVE-2025-38289"
},
{
"category": "external",
"summary": "SUSE Bug 1246287 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "external",
"summary": "SUSE Bug 1246288 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38289"
},
{
"cve": "CVE-2025-38290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath12k_core_halt() only reinitializes\nthe \"arvifs\" list head. This will cause the list node immediately following\nthe list head to become an invalid list node. Because the prev of that node\nstill points to the list head \"arvifs\", but the next of the list head\n\"arvifs\" no longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif removal, and it\nhappens before the spin_lock_bh(\u0026ar-\u003edata_lock) in\nath12k_mac_vdev_delete(), list_del() will detect the previously mentioned\nsituation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the list head\n\"arvifs\" during WLAN halt. The reinitialization is to make the list nodes\nvalid, ensuring that the list_del() in ath12k_mac_vdev_delete() can execute\nnormally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xd4/0x100 (P)\nath12k_mac_remove_link_interface.isra.0+0xf8/0x2e4 [ath12k]\nath12k_scan_vdev_clean_work+0x40/0x164 [ath12k]\ncfg80211_wiphy_work+0xfc/0x100\nprocess_one_work+0x164/0x2d0\nworker_thread+0x254/0x380\nkthread+0xfc/0x100\nret_from_fork+0x10/0x20\n\nThe change is mostly copied from the ath11k patch:\nhttps://lore.kernel.org/all/20250320053145.3445187-1-quic_stonez@quicinc.com/\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38290",
"url": "https://www.suse.com/security/cve/CVE-2025-38290"
},
{
"category": "external",
"summary": "SUSE Bug 1246293 for CVE-2025-38290",
"url": "https://bugzilla.suse.com/1246293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38290"
},
{
"cve": "CVE-2025-38291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Prevent sending WMI commands to firmware during firmware crash\n\nCurrently, we encounter the following kernel call trace when a firmware\ncrash occurs. This happens because the host sends WMI commands to the\nfirmware while it is in recovery, causing the commands to fail and\nresulting in the kernel call trace.\n\nSet the ATH12K_FLAG_CRASH_FLUSH and ATH12K_FLAG_RECOVERY flags when the\nhost driver receives the firmware crash notification from MHI. This\nprevents sending WMI commands to the firmware during recovery.\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x75/0xc0\n register_lock_class+0x6be/0x7a0\n ? __lock_acquire+0x644/0x19a0\n __lock_acquire+0x95/0x19a0\n lock_acquire+0x265/0x310\n ? ath12k_ce_send+0xa2/0x210 [ath12k]\n ? find_held_lock+0x34/0xa0\n ? ath12k_ce_send+0x56/0x210 [ath12k]\n _raw_spin_lock_bh+0x33/0x70\n ? ath12k_ce_send+0xa2/0x210 [ath12k]\n ath12k_ce_send+0xa2/0x210 [ath12k]\n ath12k_htc_send+0x178/0x390 [ath12k]\n ath12k_wmi_cmd_send_nowait+0x76/0xa0 [ath12k]\n ath12k_wmi_cmd_send+0x62/0x190 [ath12k]\n ath12k_wmi_pdev_bss_chan_info_request+0x62/0xc0 [ath1\n ath12k_mac_op_get_survey+0x2be/0x310 [ath12k]\n ieee80211_dump_survey+0x99/0x240 [mac80211]\n nl80211_dump_survey+0xe7/0x470 [cfg80211]\n ? kmalloc_reserve+0x59/0xf0\n genl_dumpit+0x24/0x70\n netlink_dump+0x177/0x360\n __netlink_dump_start+0x206/0x280\n genl_family_rcv_msg_dumpit.isra.22+0x8a/0xe0\n ? genl_family_rcv_msg_attrs_parse.isra.23+0xe0/0xe0\n ? genl_op_lock.part.12+0x10/0x10\n ? genl_dumpit+0x70/0x70\n genl_rcv_msg+0x1d0/0x290\n ? nl80211_del_station+0x330/0x330 [cfg80211]\n ? genl_get_cmd_both+0x50/0x50\n netlink_rcv_skb+0x4f/0x100\n genl_rcv+0x1f/0x30\n netlink_unicast+0x1b6/0x260\n netlink_sendmsg+0x31a/0x450\n __sock_sendmsg+0xa8/0xb0\n ____sys_sendmsg+0x1e4/0x260\n ___sys_sendmsg+0x89/0xe0\n ? local_clock_noinstr+0xb/0xc0\n ? rcu_is_watching+0xd/0x40\n ? kfree+0x1de/0x370\n ? __sys_sendmsg+0x7a/0xc0\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38291",
"url": "https://www.suse.com/security/cve/CVE-2025-38291"
},
{
"category": "external",
"summary": "SUSE Bug 1246297 for CVE-2025-38291",
"url": "https://bugzilla.suse.com/1246297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38291"
},
{
"cve": "CVE-2025-38292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid access to memory\n\nIn ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean\nis_continuation is part of rxcb.\nCurrently, after freeing the skb, the rxcb-\u003eis_continuation accessed\nagain which is wrong since the memory is already freed.\nThis might lead use-after-free error.\n\nHence, fix by locally defining bool is_continuation from rxcb,\nso that after freeing skb, is_continuation can be used.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38292",
"url": "https://www.suse.com/security/cve/CVE-2025-38292"
},
{
"category": "external",
"summary": "SUSE Bug 1246295 for CVE-2025-38292",
"url": "https://bugzilla.suse.com/1246295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38292"
},
{
"cve": "CVE-2025-38293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath11k_core_halt() only\nreinitializes the \"arvifs\" list head. This will cause the\nlist node immediately following the list head to become an\ninvalid list node. Because the prev of that node still points\nto the list head \"arvifs\", but the next of the list head \"arvifs\"\nno longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif\nremoval, and it happens before the spin_lock_bh(\u0026ar-\u003edata_lock)\nin ath11k_mac_op_remove_interface(), list_del() will detect the\npreviously mentioned situation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the\nlist head \"arvifs\" during WLAN halt. The reinitialization is to make\nthe list nodes valid, ensuring that the list_del() in\nath11k_mac_op_remove_interface() can execute normally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xb8/0xd0\nath11k_mac_op_remove_interface+0xb0/0x27c [ath11k]\ndrv_remove_interface+0x48/0x194 [mac80211]\nieee80211_do_stop+0x6e0/0x844 [mac80211]\nieee80211_stop+0x44/0x17c [mac80211]\n__dev_close_many+0xac/0x150\n__dev_change_flags+0x194/0x234\ndev_change_flags+0x24/0x6c\ndevinet_ioctl+0x3a0/0x670\ninet_ioctl+0x200/0x248\nsock_do_ioctl+0x60/0x118\nsock_ioctl+0x274/0x35c\n__arm64_sys_ioctl+0xac/0xf0\ninvoke_syscall+0x48/0x114\n...\n\nTested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38293",
"url": "https://www.suse.com/security/cve/CVE-2025-38293"
},
{
"category": "external",
"summary": "SUSE Bug 1246292 for CVE-2025-38293",
"url": "https://bugzilla.suse.com/1246292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38293"
},
{
"cve": "CVE-2025-38299",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38299"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()\n\nETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY(),\nin the case the codec dai_name will be null.\n\nAvoid a crash if the device tree is not assigning a codec\nto these links.\n\n[ 1.179936] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 1.181065] Mem abort info:\n[ 1.181420] ESR = 0x0000000096000004\n[ 1.181892] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.182576] SET = 0, FnV = 0\n[ 1.182964] EA = 0, S1PTW = 0\n[ 1.183367] FSC = 0x04: level 0 translation fault\n[ 1.183983] Data abort info:\n[ 1.184406] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 1.185097] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.185766] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.186439] [0000000000000000] user address but active_mm is swapper\n[ 1.187239] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 1.188029] Modules linked in:\n[ 1.188420] CPU: 7 UID: 0 PID: 70 Comm: kworker/u32:1 Not tainted 6.14.0-rc4-next-20250226+ #85\n[ 1.189515] Hardware name: Radxa NIO 12L (DT)\n[ 1.190065] Workqueue: events_unbound deferred_probe_work_func\n[ 1.190808] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.191683] pc : __pi_strcmp+0x24/0x140\n[ 1.192170] lr : mt8195_mt6359_soc_card_probe+0x224/0x7b0\n[ 1.192854] sp : ffff800083473970\n[ 1.193271] x29: ffff800083473a10 x28: 0000000000001008 x27: 0000000000000002\n[ 1.194168] x26: ffff800082408960 x25: ffff800082417db0 x24: ffff800082417d88\n[ 1.195065] x23: 000000000000001e x22: ffff800082dbf480 x21: ffff800082dc07b8\n[ 1.195961] x20: 0000000000000000 x19: 0000000000000013 x18: 00000000ffffffff\n[ 1.196858] x17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000006\n[ 1.197755] x14: ffff800082407af0 x13: 6e6f69737265766e x12: 692d6b636f6c6374\n[ 1.198651] x11: 0000000000000002 x10: ffff80008240b920 x9 : 0000000000000018\n[ 1.199547] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000\n[ 1.200443] x5 : 0000000000000000 x4 : 8080808080000000 x3 : 303933383978616d\n[ 1.201339] x2 : 0000000000000000 x1 : ffff80008240b920 x0 : 0000000000000000\n[ 1.202236] Call trace:\n[ 1.202545] __pi_strcmp+0x24/0x140 (P)\n[ 1.203029] mtk_soundcard_common_probe+0x3bc/0x5b8\n[ 1.203644] platform_probe+0x70/0xe8\n[ 1.204106] really_probe+0xc8/0x3a0\n[ 1.204556] __driver_probe_device+0x84/0x160\n[ 1.205104] driver_probe_device+0x44/0x130\n[ 1.205630] __device_attach_driver+0xc4/0x170\n[ 1.206189] bus_for_each_drv+0x8c/0xf8\n[ 1.206672] __device_attach+0xa8/0x1c8\n[ 1.207155] device_initial_probe+0x1c/0x30\n[ 1.207681] bus_probe_device+0xb0/0xc0\n[ 1.208165] deferred_probe_work_func+0xa4/0x100\n[ 1.208747] process_one_work+0x158/0x3e0\n[ 1.209254] worker_thread+0x2c4/0x3e8\n[ 1.209727] kthread+0x134/0x1f0\n[ 1.210136] ret_from_fork+0x10/0x20\n[ 1.210589] Code: 54000401 b50002c6 d503201f f86a6803 (f8408402)\n[ 1.211355] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38299",
"url": "https://www.suse.com/security/cve/CVE-2025-38299"
},
{
"category": "external",
"summary": "SUSE Bug 1246290 for CVE-2025-38299",
"url": "https://bugzilla.suse.com/1246290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38299"
},
{
"cve": "CVE-2025-38300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()\n\nFix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare():\n\n1] If dma_map_sg() fails for areq-\u003edst, the device driver would try to free\n DMA memory it has not allocated in the first place. To fix this, on the\n \"theend_sgs\" error path, call dma unmap only if the corresponding dma\n map was successful.\n\n2] If the dma_map_single() call for the IV fails, the device driver would\n try to free an invalid DMA memory address on the \"theend_iv\" path:\n ------------[ cut here ]------------\n DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address\n WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90\n Modules linked in: skcipher_example(O+)\n CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT\n Tainted: [O]=OOT_MODULE\n Hardware name: OrangePi Zero2 (DT)\n pc : check_unmap+0x123c/0x1b90\n lr : check_unmap+0x123c/0x1b90\n ...\n Call trace:\n check_unmap+0x123c/0x1b90 (P)\n debug_dma_unmap_page+0xac/0xc0\n dma_unmap_page_attrs+0x1f4/0x5fc\n sun8i_ce_cipher_do_one+0x1bd4/0x1f40\n crypto_pump_work+0x334/0x6e0\n kthread_worker_fn+0x21c/0x438\n kthread+0x374/0x664\n ret_from_fork+0x10/0x20\n ---[ end trace 0000000000000000 ]---\n\nTo fix this, check for !dma_mapping_error() before calling\ndma_unmap_single() on the \"theend_iv\" path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38300",
"url": "https://www.suse.com/security/cve/CVE-2025-38300"
},
{
"category": "external",
"summary": "SUSE Bug 1246349 for CVE-2025-38300",
"url": "https://bugzilla.suse.com/1246349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38300"
},
{
"cve": "CVE-2025-38301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: zynqmp_nvmem: unbreak driver after cleanup\n\nCommit 29be47fcd6a0 (\"nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup\")\nchanged the driver to expect the device pointer to be passed as the\n\"context\", but in nvmem the context parameter comes from nvmem_config.priv\nwhich is never set - Leading to null pointer exceptions when the device is\naccessed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38301",
"url": "https://www.suse.com/security/cve/CVE-2025-38301"
},
{
"category": "external",
"summary": "SUSE Bug 1246351 for CVE-2025-38301",
"url": "https://bugzilla.suse.com/1246351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38301"
},
{
"cve": "CVE-2025-38302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work\n\nBios queued up in the zone write plug have already gone through all all\npreparation in the submit_bio path, including the freeze protection.\n\nSubmitting them through submit_bio_noacct_nocheck duplicates the work\nand can can cause deadlocks when freezing a queue with pending bio\nwrite plugs.\n\nGo straight to -\u003esubmit_bio or blk_mq_submit_bio to bypass the\nsuperfluous extra freeze protection and checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38302",
"url": "https://www.suse.com/security/cve/CVE-2025-38302"
},
{
"category": "external",
"summary": "SUSE Bug 1246353 for CVE-2025-38302",
"url": "https://bugzilla.suse.com/1246353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38302"
},
{
"cve": "CVE-2025-38303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38303",
"url": "https://www.suse.com/security/cve/CVE-2025-38303"
},
{
"category": "external",
"summary": "SUSE Bug 1246354 for CVE-2025-38303",
"url": "https://bugzilla.suse.com/1246354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38303"
},
{
"cve": "CVE-2025-38304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix NULL pointer deference on eir_get_service_data\n\nThe len parameter is considered optional so it can be NULL so it cannot\nbe used for skipping to next entry of EIR_SERVICE_DATA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38304",
"url": "https://www.suse.com/security/cve/CVE-2025-38304"
},
{
"category": "external",
"summary": "SUSE Bug 1246240 for CVE-2025-38304",
"url": "https://bugzilla.suse.com/1246240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38304"
},
{
"cve": "CVE-2025-38305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: remove ptp-\u003en_vclocks check logic in ptp_vclock_in_use()\n\nThere is no disagreement that we should check both ptp-\u003eis_virtual_clock\nand ptp-\u003en_vclocks to check if the ptp virtual clock is in use.\n\nHowever, when we acquire ptp-\u003en_vclocks_mux to read ptp-\u003en_vclocks in\nptp_vclock_in_use(), we observe a recursive lock in the call trace\nstarting from n_vclocks_store().\n\n============================================\nWARNING: possible recursive locking detected\n6.15.0-rc6 #1 Not tainted\n--------------------------------------------\nsyz.0.1540/13807 is trying to acquire lock:\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_vclock_in_use drivers/ptp/ptp_private.h:103 [inline]\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_clock_unregister+0x21/0x250 drivers/ptp/ptp_clock.c:415\n\nbut task is already holding lock:\nffff888030704868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n n_vclocks_store+0xf1/0x6d0 drivers/ptp/ptp_sysfs.c:215\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026ptp-\u003en_vclocks_mux);\n lock(\u0026ptp-\u003en_vclocks_mux);\n\n *** DEADLOCK ***\n....\n============================================\n\nThe best way to solve this is to remove the logic that checks\nptp-\u003en_vclocks in ptp_vclock_in_use().\n\nThe reason why this is appropriate is that any path that uses\nptp-\u003en_vclocks must unconditionally check if ptp-\u003en_vclocks is greater\nthan 0 before unregistering vclocks, and all functions are already\nwritten this way. And in the function that uses ptp-\u003en_vclocks, we\nalready get ptp-\u003en_vclocks_mux before unregistering vclocks.\n\nTherefore, we need to remove the redundant check for ptp-\u003en_vclocks in\nptp_vclock_in_use() to prevent recursive locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38305",
"url": "https://www.suse.com/security/cve/CVE-2025-38305"
},
{
"category": "external",
"summary": "SUSE Bug 1246358 for CVE-2025-38305",
"url": "https://bugzilla.suse.com/1246358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38305"
},
{
"cve": "CVE-2025-38306",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38306"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/fhandle.c: fix a race in call of has_locked_children()\n\nmay_decode_fh() is calling has_locked_children() while holding no locks.\nThat\u0027s an oopsable race...\n\nThe rest of the callers are safe since they are holding namespace_sem and\nare guaranteed a positive refcount on the mount in question.\n\nRename the current has_locked_children() to __has_locked_children(), make\nit static and switch the fs/namespace.c users to it.\n\nMake has_locked_children() a wrapper for __has_locked_children(), calling\nthe latter under read_seqlock_excl(\u0026mount_lock).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38306",
"url": "https://www.suse.com/security/cve/CVE-2025-38306"
},
{
"category": "external",
"summary": "SUSE Bug 1246366 for CVE-2025-38306",
"url": "https://bugzilla.suse.com/1246366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38306"
},
{
"cve": "CVE-2025-38307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Verify content returned by parse_int_array()\n\nThe first element of the returned array stores its length. If it is 0,\nany manipulation beyond the element at index 0 ends with null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38307",
"url": "https://www.suse.com/security/cve/CVE-2025-38307"
},
{
"category": "external",
"summary": "SUSE Bug 1246364 for CVE-2025-38307",
"url": "https://bugzilla.suse.com/1246364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38307"
},
{
"cve": "CVE-2025-38311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38311"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: get rid of the crit lock\n\nGet rid of the crit lock.\nThat frees us from the error prone logic of try_locks.\n\nThanks to netdev_lock() by Jakub it is now easy, and in most cases we were\nprotected by it already - replace crit lock by netdev lock when it was not\nthe case.\n\nLockdep reports that we should cancel the work under crit_lock [splat1],\nand that was the scheme we have mostly followed since [1] by Slawomir.\nBut when that is done we still got into deadlocks [splat2]. So instead\nwe should look at the bigger problem, namely \"weird locking/scheduling\"\nof the iavf. The first step to fix that is to remove the crit lock.\nI will followup with a -next series that simplifies scheduling/tasks.\n\nCancel the work without netdev lock (weird unlock+lock scheme),\nto fix the [splat2] (which would be totally ugly if we would kept\nthe crit lock).\n\nExtend protected part of iavf_watchdog_task() to include scheduling\nmore work.\n\nNote that the removed comment in iavf_reset_task() was misplaced,\nit belonged to inside of the removed if condition, so it\u0027s gone now.\n\n[splat1] - w/o this patch - The deadlock during VF removal:\n WARNING: possible circular locking dependency detected\n sh/3825 is trying to acquire lock:\n ((work_completion)(\u0026(\u0026adapter-\u003ewatchdog_task)-\u003ework)){+.+.}-{0:0}, at: start_flush_work+0x1a1/0x470\n but task is already holding lock:\n (\u0026adapter-\u003ecrit_lock){+.+.}-{4:4}, at: iavf_remove+0xd1/0x690 [iavf]\n which lock already depends on the new lock.\n\n[splat2] - when cancelling work under crit lock, w/o this series,\n\t see [2] for the band aid attempt\n WARNING: possible circular locking dependency detected\n sh/3550 is trying to acquire lock:\n ((wq_completion)iavf){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x26/0x90\n but task is already holding lock:\n (\u0026dev-\u003elock){+.+.}-{4:4}, at: iavf_remove+0xa6/0x6e0 [iavf]\n which lock already depends on the new lock.\n\n[1] fc2e6b3b132a (\"iavf: Rework mutexes for better synchronisation\")\n[2] https://github.com/pkitszel/linux/commit/52dddbfc2bb60294083f5711a158a",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38311",
"url": "https://www.suse.com/security/cve/CVE-2025-38311"
},
{
"category": "external",
"summary": "SUSE Bug 1246376 for CVE-2025-38311",
"url": "https://bugzilla.suse.com/1246376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38311"
},
{
"cve": "CVE-2025-38312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\n\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\navoid such overflow...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38312",
"url": "https://www.suse.com/security/cve/CVE-2025-38312"
},
{
"category": "external",
"summary": "SUSE Bug 1246386 for CVE-2025-38312",
"url": "https://bugzilla.suse.com/1246386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38312"
},
{
"cve": "CVE-2025-38313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix double-free on mc_dev\n\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\n\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\n\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\n\nWARNING: kfree(NULL) is safe and this check is probably not required\n+ if (mc_bus)\n+ kfree(mc_bus);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38313",
"url": "https://www.suse.com/security/cve/CVE-2025-38313"
},
{
"category": "external",
"summary": "SUSE Bug 1246342 for CVE-2025-38313",
"url": "https://bugzilla.suse.com/1246342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38313"
},
{
"cve": "CVE-2025-38315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: Check dsbr size from EFI variable\n\nSince the size of struct btintel_dsbr is already known, we can just\nstart there instead of querying the EFI variable size. If the final\nresult doesn\u0027t match what we expect also fail. This fixes a stack buffer\noverflow when the EFI variable is larger than struct btintel_dsbr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38315",
"url": "https://www.suse.com/security/cve/CVE-2025-38315"
},
{
"category": "external",
"summary": "SUSE Bug 1246333 for CVE-2025-38315",
"url": "https://bugzilla.suse.com/1246333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38315"
},
{
"cve": "CVE-2025-38317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix buffer overflow in debugfs\n\nIf the user tries to write more than 32 bytes then it results in memory\ncorruption. Fortunately, this is debugfs so it\u0027s limited to root users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38317",
"url": "https://www.suse.com/security/cve/CVE-2025-38317"
},
{
"category": "external",
"summary": "SUSE Bug 1246443 for CVE-2025-38317",
"url": "https://bugzilla.suse.com/1246443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38317"
},
{
"cve": "CVE-2025-38318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38318"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: arm-ni: Fix missing platform_set_drvdata()\n\nAdd missing platform_set_drvdata in arm_ni_probe(), otherwise\ncalling platform_get_drvdata() in remove returns NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38318",
"url": "https://www.suse.com/security/cve/CVE-2025-38318"
},
{
"category": "external",
"summary": "SUSE Bug 1246444 for CVE-2025-38318",
"url": "https://bugzilla.suse.com/1246444"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38318"
},
{
"cve": "CVE-2025-38319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table\n\nThe function atomctrl_initialize_mc_reg_table() and\natomctrl_initialize_mc_reg_table_v2_2() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table()\nfails to retrieve vram_info, it returns NULL which is later\ndereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38319",
"url": "https://www.suse.com/security/cve/CVE-2025-38319"
},
{
"category": "external",
"summary": "SUSE Bug 1246243 for CVE-2025-38319",
"url": "https://bugzilla.suse.com/1246243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38319"
},
{
"cve": "CVE-2025-38322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38322"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Fix crash in icl_update_topdown_event()\n\nThe perf_fuzzer found a hard-lockup crash on a RaptorLake machine:\n\n Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000\n CPU: 23 UID: 0 PID: 0 Comm: swapper/23\n Tainted: [W]=WARN\n Hardware name: Dell Inc. Precision 9660/0VJ762\n RIP: 0010:native_read_pmc+0x7/0x40\n Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ...\n RSP: 000:fffb03100273de8 EFLAGS: 00010046\n ....\n Call Trace:\n \u003cTASK\u003e\n icl_update_topdown_event+0x165/0x190\n ? ktime_get+0x38/0xd0\n intel_pmu_read_event+0xf9/0x210\n __perf_event_read+0xf9/0x210\n\nCPUs 16-23 are E-core CPUs that don\u0027t support the perf metrics feature.\nThe icl_update_topdown_event() should not be invoked on these CPUs.\n\nIt\u0027s a regression of commit:\n\n f9bdf1f95339 (\"perf/x86/intel: Avoid disable PMU if !cpuc-\u003eenabled in sample read\")\n\nThe bug introduced by that commit is that the is_topdown_event() function\nis mistakenly used to replace the is_topdown_count() call to check if the\ntopdown functions for the perf metrics feature should be invoked.\n\nFix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38322",
"url": "https://www.suse.com/security/cve/CVE-2025-38322"
},
{
"category": "external",
"summary": "SUSE Bug 1246447 for CVE-2025-38322",
"url": "https://bugzilla.suse.com/1246447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38322"
},
{
"cve": "CVE-2025-38323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: add lec_mutex\n\nsyzbot found its way in net/atm/lec.c, and found an error path\nin lecd_attach() could leave a dangling pointer in dev_lec[].\n\nAdd a mutex to protect dev_lecp[] uses from lecd_attach(),\nlec_vcc_attach() and lec_mcast_attach().\n\nFollowing patch will use this mutex for /proc/net/atm/lec.\n\nBUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline]\nBUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\nRead of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142\n\nCPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xcd/0x680 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n lecd_attach net/atm/lec.c:751 [inline]\n lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4328 [inline]\n __kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015\n alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711\n lecd_attach net/atm/lec.c:737 [inline]\n lane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x2b4/0x4d0 mm/slub.c:4842\n free_netdev+0x6c5/0x910 net/core/dev.c:11892\n lecd_attach net/atm/lec.c:744 [inline]\n lane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38323",
"url": "https://www.suse.com/security/cve/CVE-2025-38323"
},
{
"category": "external",
"summary": "SUSE Bug 1246473 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "external",
"summary": "SUSE Bug 1246525 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38323"
},
{
"cve": "CVE-2025-38326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: clean device rq_list in aoedev_downdev()\n\nAn aoe device\u0027s rq_list contains accepted block requests that are\nwaiting to be transmitted to the aoe target. This queue was added as\npart of the conversion to blk_mq. However, the queue was not cleaned out\nwhen an aoe device is downed which caused blk_mq_freeze_queue() to sleep\nindefinitely waiting for those requests to complete, causing a hang. This\nfix cleans out the queue before calling blk_mq_freeze_queue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38326",
"url": "https://www.suse.com/security/cve/CVE-2025-38326"
},
{
"category": "external",
"summary": "SUSE Bug 1246490 for CVE-2025-38326",
"url": "https://bugzilla.suse.com/1246490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38326"
},
{
"cve": "CVE-2025-38332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Use memcpy() for BIOS version\n\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\n\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\n\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38332",
"url": "https://www.suse.com/security/cve/CVE-2025-38332"
},
{
"category": "external",
"summary": "SUSE Bug 1246375 for CVE-2025-38332",
"url": "https://bugzilla.suse.com/1246375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38332"
},
{
"cve": "CVE-2025-38335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - fix a sleep while atomic with PREEMPT_RT\n\nWhen enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in\nhard irq context, but the input_event() takes a spin_lock, which isn\u0027t\nallowed there as it is converted to a rt_spin_lock().\n\n[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0\n...\n[ 4054.290195] __might_resched+0x13c/0x1f4\n[ 4054.290209] rt_spin_lock+0x54/0x11c\n[ 4054.290219] input_event+0x48/0x80\n[ 4054.290230] gpio_keys_irq_timer+0x4c/0x78\n[ 4054.290243] __hrtimer_run_queues+0x1a4/0x438\n[ 4054.290257] hrtimer_interrupt+0xe4/0x240\n[ 4054.290269] arch_timer_handler_phys+0x2c/0x44\n[ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c\n[ 4054.290297] handle_irq_desc+0x40/0x58\n[ 4054.290307] generic_handle_domain_irq+0x1c/0x28\n[ 4054.290316] gic_handle_irq+0x44/0xcc\n\nConsidering the gpio_keys_irq_isr() can run in any context, e.g. it can\nbe threaded, it seems there\u0027s no point in requesting the timer isr to\nrun in hard irq context.\n\nRelax the hrtimer not to use the hard context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38335",
"url": "https://www.suse.com/security/cve/CVE-2025-38335"
},
{
"category": "external",
"summary": "SUSE Bug 1246250 for CVE-2025-38335",
"url": "https://bugzilla.suse.com/1246250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38335"
},
{
"cve": "CVE-2025-38336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\n\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\n\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\n\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn\u0027t\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\n\nHDDs attached to the controller do not suffer from any DMA issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38336",
"url": "https://www.suse.com/security/cve/CVE-2025-38336"
},
{
"category": "external",
"summary": "SUSE Bug 1246370 for CVE-2025-38336",
"url": "https://bugzilla.suse.com/1246370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38336"
},
{
"cve": "CVE-2025-38337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()\n\nSince handle-\u003eh_transaction may be a NULL pointer, so we should change it\nto call is_handle_aborted(handle) first before dereferencing it.\n\nAnd the following data-race was reported in my fuzzer:\n\n==================================================================\nBUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata\n\nwrite to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1:\n jbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nread to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0:\n jbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nvalue changed: 0x00000000 -\u003e 0x00000001\n==================================================================\n\nThis issue is caused by missing data-race annotation for jh-\u003eb_modified.\nTherefore, the missing annotation needs to be added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38337",
"url": "https://www.suse.com/security/cve/CVE-2025-38337"
},
{
"category": "external",
"summary": "SUSE Bug 1246253 for CVE-2025-38337",
"url": "https://bugzilla.suse.com/1246253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38337"
},
{
"cve": "CVE-2025-38338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()\n\nSometimes, when a file was read while it was being truncated by\nanother NFS client, the kernel could deadlock because folio_unlock()\nwas called twice, and the second call would XOR back the `PG_locked`\nflag.\n\nMost of the time (depending on the timing of the truncation), nobody\nnotices the problem because folio_unlock() gets called three times,\nwhich flips `PG_locked` back off:\n\n 1. vfs_read, nfs_read_folio, ... nfs_read_add_folio,\n nfs_return_empty_folio\n 2. vfs_read, nfs_read_folio, ... netfs_read_collection,\n netfs_unlock_abandoned_read_pages\n 3. vfs_read, ... nfs_do_read_folio, nfs_read_add_folio,\n nfs_return_empty_folio\n\nThe problem is that nfs_read_add_folio() is not supposed to unlock the\nfolio if fscache is enabled, and a nfs_netfs_folio_unlock() check is\nmissing in nfs_return_empty_folio().\n\nRarely this leads to a warning in netfs_read_collection():\n\n ------------[ cut here ]------------\n R=0000031c: folio 10 is not locked\n WARNING: CPU: 0 PID: 29 at fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00\n [...]\n Workqueue: events_unbound netfs_read_collection_worker\n RIP: 0010:netfs_read_collection+0x7c0/0xf00\n [...]\n Call Trace:\n \u003cTASK\u003e\n netfs_read_collection_worker+0x67/0x80\n process_one_work+0x12e/0x2c0\n worker_thread+0x295/0x3a0\n\nMost of the time, however, processes just get stuck forever in\nfolio_wait_bit_common(), waiting for `PG_locked` to disappear, which\nnever happens because nobody is really holding the folio lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38338",
"url": "https://www.suse.com/security/cve/CVE-2025-38338"
},
{
"category": "external",
"summary": "SUSE Bug 1246258 for CVE-2025-38338",
"url": "https://bugzilla.suse.com/1246258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38338"
},
{
"cve": "CVE-2025-38339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38339"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/bpf: fix JIT code size calculation of bpf trampoline\n\narch_bpf_trampoline_size() provides JIT size of the BPF trampoline\nbefore the buffer for JIT\u0027ing it is allocated. The total number of\ninstructions emitted for BPF trampoline JIT code depends on where\nthe final image is located. So, the size arrived at with the dummy\npass in arch_bpf_trampoline_size() can vary from the actual size\nneeded in arch_prepare_bpf_trampoline(). When the instructions\naccounted in arch_bpf_trampoline_size() is less than the number of\ninstructions emitted during the actual JIT compile of the trampoline,\nthe below warning is produced:\n\n WARNING: CPU: 8 PID: 204190 at arch/powerpc/net/bpf_jit_comp.c:981 __arch_prepare_bpf_trampoline.isra.0+0xd2c/0xdcc\n\nwhich is:\n\n /* Make sure the trampoline generation logic doesn\u0027t overflow */\n if (image \u0026\u0026 WARN_ON_ONCE(\u0026image[ctx-\u003eidx] \u003e\n \t\t\t(u32 *)rw_image_end - BPF_INSN_SAFETY)) {\n\nSo, during the dummy pass, instead of providing some arbitrary image\nlocation, account for maximum possible instructions if and when there\nis a dependency with image location for JIT\u0027ing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38339",
"url": "https://www.suse.com/security/cve/CVE-2025-38339"
},
{
"category": "external",
"summary": "SUSE Bug 1246259 for CVE-2025-38339",
"url": "https://bugzilla.suse.com/1246259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38339"
},
{
"cve": "CVE-2025-38341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38341"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: fbnic: avoid double free when failing to DMA-map FW msg\n\nThe semantics are that caller of fbnic_mbx_map_msg() retains\nthe ownership of the message on error. All existing callers\ndutifully free the page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38341",
"url": "https://www.suse.com/security/cve/CVE-2025-38341"
},
{
"category": "external",
"summary": "SUSE Bug 1246260 for CVE-2025-38341",
"url": "https://bugzilla.suse.com/1246260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38341"
},
{
"cve": "CVE-2025-38342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoftware node: Correct a OOB check in software_node_get_reference_args()\n\nsoftware_node_get_reference_args() wants to get @index-th element, so\nthe property value requires at least \u0027(index + 1) * sizeof(*ref)\u0027 bytes\nbut that can not be guaranteed by current OOB check, and may cause OOB\nfor malformed property.\n\nFix by using as OOB check \u0027((index + 1) * sizeof(*ref) \u003e prop-\u003elength)\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38342",
"url": "https://www.suse.com/security/cve/CVE-2025-38342"
},
{
"category": "external",
"summary": "SUSE Bug 1246453 for CVE-2025-38342",
"url": "https://bugzilla.suse.com/1246453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38342"
},
{
"cve": "CVE-2025-38343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: drop fragments with multicast or broadcast RA\n\nIEEE 802.11 fragmentation can only be applied to unicast frames.\nTherefore, drop fragments with multicast or broadcast RA. This patch\naddresses vulnerabilities such as CVE-2020-26145.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38343",
"url": "https://www.suse.com/security/cve/CVE-2025-38343"
},
{
"category": "external",
"summary": "SUSE Bug 1246438 for CVE-2025-38343",
"url": "https://bugzilla.suse.com/1246438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38343"
},
{
"cve": "CVE-2025-38344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38344"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi parse and parseext cache leaks\n\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\n\nI\u0027m Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\n\nI have been doing a research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\n\nBoot log of ACPI cache leak is as follows:\n[ 0.352414] ACPI: Added _OSI(Module Device)\n[ 0.353182] ACPI: Added _OSI(Processor Device)\n[ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.356028] ACPI: Unable to start the ACPI Interpreter\n[ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #10\n[ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.361873] Call Trace:\n[ 0.362243] ? dump_stack+0x5c/0x81\n[ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.362944] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.363296] ? acpi_os_delete_cache+0xa/0x10\n[ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.364000] ? acpi_terminate+0xa/0x14\n[ 0.364000] ? acpi_init+0x2af/0x34f\n[ 0.364000] ? __class_create+0x4c/0x80\n[ 0.364000] ? video_setup+0x7f/0x7f\n[ 0.364000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.364000] ? do_one_initcall+0x4e/0x1a0\n[ 0.364000] ? kernel_init_freeable+0x189/0x20a\n[ 0.364000] ? rest_init+0xc0/0xc0\n[ 0.364000] ? kernel_init+0xa/0x100\n[ 0.364000] ? ret_from_fork+0x25/0x30\n\nI analyzed this memory leak in detail. I found that \"Acpi-State\" cache and\n\"Acpi-Parse\" cache were merged because the size of cache objects was same\nslab cache size.\n\nI finally found \"Acpi-Parse\" cache and \"Acpi-parse_ext\" cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\n\nReal ACPI cache leak point is as follows:\n[ 0.360101] ACPI: Added _OSI(Module Device)\n[ 0.360101] ACPI: Added _OSI(Processor Device)\n[ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.364016] ACPI: Unable to start the ACPI Interpreter\n[ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.372000] Call Trace:\n[ 0.372000] ? dump_stack+0x5c/0x81\n[ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b\n[ 0.372000] ? acpi_terminate+0xa/0x14\n[ 0.372000] ? acpi_init+0x2af/0x34f\n[ 0.372000] ? __class_create+0x4c/0x80\n[ 0.372000] ? video_setup+0x7f/0x7f\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? do_one_initcall+0x4e/0x1a0\n[ 0.372000] ? kernel_init_freeable+0x189/0x20a\n[ 0.372000] ? rest_init+0xc0/0xc0\n[ 0.372000] ? kernel_init+0xa/0x100\n[ 0.372000] ? ret_from_fork+0x25/0x30\n[ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.392000] Call Trace:\n[ 0.392000] ? dump_stack+0x5c/0x81\n[ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.392000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.392000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.392000] ? acpi_terminate+0xa/0x14\n[ 0.392000] ? acpi_init+0x2af/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38344",
"url": "https://www.suse.com/security/cve/CVE-2025-38344"
},
{
"category": "external",
"summary": "SUSE Bug 1246334 for CVE-2025-38344",
"url": "https://bugzilla.suse.com/1246334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38344"
},
{
"cve": "CVE-2025-38345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi operand cache leak in dswstate.c\n\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\n\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\n\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\n\nBoot log of ACPI operand cache leak is as follows:\n\u003e[ 0.585957] ACPI: Added _OSI(Module Device)\n\u003e[ 0.587218] ACPI: Added _OSI(Processor Device)\n\u003e[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n\u003e[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n\u003e[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n\u003e[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n\u003e[ 0.597858] ACPI: Unable to start the ACPI Interpreter\n\u003e[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n\u003e[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n\u003e[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n\u003e[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n\u003e[ 0.609177] Call Trace:\n\u003e[ 0.610063] ? dump_stack+0x5c/0x81\n\u003e[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0\n\u003e[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.613906] ? acpi_os_delete_cache+0xa/0x10\n\u003e[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b\n\u003e[ 0.619293] ? acpi_terminate+0xa/0x14\n\u003e[ 0.620394] ? acpi_init+0x2af/0x34f\n\u003e[ 0.621616] ? __class_create+0x4c/0x80\n\u003e[ 0.623412] ? video_setup+0x7f/0x7f\n\u003e[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.625861] ? do_one_initcall+0x4e/0x1a0\n\u003e[ 0.627513] ? kernel_init_freeable+0x19e/0x21f\n\u003e[ 0.628972] ? rest_init+0x80/0x80\n\u003e[ 0.630043] ? kernel_init+0xa/0x100\n\u003e[ 0.631084] ? ret_from_fork+0x25/0x30\n\u003e[ 0.633343] vgaarb: loaded\n\u003e[ 0.635036] EDAC MC: Ver: 3.0.0\n\u003e[ 0.638601] PCI: Probing PCI hardware\n\u003e[ 0.639833] PCI host bridge to bus 0000:00\n\u003e[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]\n\u003e ... Continue to boot and log is omitted ...\n\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state-\u003eoperand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\n\nThis cache leak causes a security threat because an old kernel (\u003c= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\n\nI made a patch to fix ACPI operand cache leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38345",
"url": "https://www.suse.com/security/cve/CVE-2025-38345"
},
{
"category": "external",
"summary": "SUSE Bug 1246337 for CVE-2025-38345",
"url": "https://bugzilla.suse.com/1246337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38345"
},
{
"cve": "CVE-2025-38348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38348"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()\n\nRobert Morris reported:\n\n|If a malicious USB device pretends to be an Intersil p54 wifi\n|interface and generates an eeprom_readback message with a large\n|eeprom-\u003ev1.len, p54_rx_eeprom_readback() will copy data from the\n|message beyond the end of priv-\u003eeeprom.\n|\n|static void p54_rx_eeprom_readback(struct p54_common *priv,\n| struct sk_buff *skb)\n|{\n| struct p54_hdr *hdr = (struct p54_hdr *) skb-\u003edata;\n| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr-\u003edata;\n|\n| if (priv-\u003efw_var \u003e= 0x509) {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev2.data,\n| le16_to_cpu(eeprom-\u003ev2.len));\n| } else {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev1.data,\n| le16_to_cpu(eeprom-\u003ev1.len));\n| }\n| [...]\n\nThe eeprom-\u003ev{1,2}.len is set by the driver in p54_download_eeprom().\nThe device is supposed to provide the same length back to the driver.\nBut yes, it\u0027s possible (like shown in the report) to alter the value\nto something that causes a crash/panic due to overrun.\n\nThis patch addresses the issue by adding the size to the common device\ncontext, so p54_rx_eeprom_readback no longer relies on possibly tampered\nvalues... That said, it also checks if the \"firmware\" altered the value\nand no longer copies them.\n\nThe one, small saving grace is: Before the driver tries to read the eeprom,\nit needs to upload \u003ea\u003c firmware. the vendor firmware has a proprietary\nlicense and as a reason, it is not present on most distributions by\ndefault.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38348",
"url": "https://www.suse.com/security/cve/CVE-2025-38348"
},
{
"category": "external",
"summary": "SUSE Bug 1246262 for CVE-2025-38348",
"url": "https://bugzilla.suse.com/1246262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38348"
},
{
"cve": "CVE-2025-38349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don\u0027t decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n mutex_unlock(\u0026ep-\u003emtx);\n\nafterwards. That\u0027s very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it\u0027s wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we\u0027re\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it\u0027s not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren\u0027t the\nlast one, we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the \u0027ep\u0027 as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn\u0027t need mutex protection (that\u0027s\nthe whole _point_ of refcounts: unlike mutexes, they are inherently\nabout object lifetimes).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38349",
"url": "https://www.suse.com/security/cve/CVE-2025-38349"
},
{
"category": "external",
"summary": "SUSE Bug 1246777 for CVE-2025-38349",
"url": "https://bugzilla.suse.com/1246777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38349"
},
{
"cve": "CVE-2025-38350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38350",
"url": "https://www.suse.com/security/cve/CVE-2025-38350"
},
{
"category": "external",
"summary": "SUSE Bug 1246781 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "external",
"summary": "SUSE Bug 1247043 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1247043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38351"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush\n\nIn KVM guests with Hyper-V hypercalls enabled, the hypercalls\nHVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX\nallow a guest to request invalidation of portions of a virtual TLB.\nFor this, the hypercall parameter includes a list of GVAs that are supposed\nto be invalidated.\n\nHowever, when non-canonical GVAs are passed, there is currently no\nfiltering in place and they are eventually passed to checked invocations of\nINVVPID on Intel / INVLPGA on AMD. While AMD\u0027s INVLPGA silently ignores\nnon-canonical addresses (effectively a no-op), Intel\u0027s INVVPID explicitly\nsignals VM-Fail and ultimately triggers the WARN_ONCE in invvpid_error():\n\n invvpid failed: ext=0x0 vpid=1 gva=0xaaaaaaaaaaaaa000\n WARNING: CPU: 6 PID: 326 at arch/x86/kvm/vmx/vmx.c:482\n invvpid_error+0x91/0xa0 [kvm_intel]\n Modules linked in: kvm_intel kvm 9pnet_virtio irqbypass fuse\n CPU: 6 UID: 0 PID: 326 Comm: kvm-vm Not tainted 6.15.0 #14 PREEMPT(voluntary)\n RIP: 0010:invvpid_error+0x91/0xa0 [kvm_intel]\n Call Trace:\n vmx_flush_tlb_gva+0x320/0x490 [kvm_intel]\n kvm_hv_vcpu_flush_tlb+0x24f/0x4f0 [kvm]\n kvm_arch_vcpu_ioctl_run+0x3013/0x5810 [kvm]\n\nHyper-V documents that invalid GVAs (those that are beyond a partition\u0027s\nGVA space) are to be ignored. While not completely clear whether this\nruling also applies to non-canonical GVAs, it is likely fine to make that\nassumption, and manual testing on Azure confirms \"real\" Hyper-V interprets\nthe specification in the same way.\n\nSkip non-canonical GVAs when processing the list of address to avoid\ntripping the INVVPID failure. Alternatively, KVM could filter out \"bad\"\nGVAs before inserting into the FIFO, but practically speaking the only\ndownside of pushing validation to the final processing is that doing so\nis suboptimal for the guest, and no well-behaved guest will request TLB\nflushes for non-canonical addresses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38351",
"url": "https://www.suse.com/security/cve/CVE-2025-38351"
},
{
"category": "external",
"summary": "SUSE Bug 1246782 for CVE-2025-38351",
"url": "https://bugzilla.suse.com/1246782"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38351"
},
{
"cve": "CVE-2025-38352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won\u0027t be\nable to detect timer-\u003eit.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk-\u003eexit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(\u0026tsk-\u003eposix_cputimers_work.work) will fail\nanyway in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38352",
"url": "https://www.suse.com/security/cve/CVE-2025-38352"
},
{
"category": "external",
"summary": "SUSE Bug 1246911 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "external",
"summary": "SUSE Bug 1249205 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1249205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38352"
},
{
"cve": "CVE-2025-38353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38353"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix taking invalid lock on wedge\n\nIf device wedges on e.g. GuC upload, the submission is not yet enabled\nand the state is not even initialized. Protect the wedge call so it does\nnothing in this case. It fixes the following splat:\n\n\t[] xe 0000:bf:00.0: [drm] device wedged, needs recovery\n\t[] ------------[ cut here ]------------\n\t[] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n\t[] WARNING: CPU: 48 PID: 312 at kernel/locking/mutex.c:564 __mutex_lock+0x8a1/0xe60\n\t...\n\t[] RIP: 0010:__mutex_lock+0x8a1/0xe60\n\t[] mutex_lock_nested+0x1b/0x30\n\t[] xe_guc_submit_wedge+0x80/0x2b0 [xe]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38353",
"url": "https://www.suse.com/security/cve/CVE-2025-38353"
},
{
"category": "external",
"summary": "SUSE Bug 1247265 for CVE-2025-38353",
"url": "https://bugzilla.suse.com/1247265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38353"
},
{
"cve": "CVE-2025-38354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gpu: Fix crash when throttling GPU immediately during boot\n\nThere is a small chance that the GPU is already hot during boot. In that\ncase, the call to of_devfreq_cooling_register() will immediately try to\napply devfreq cooling, as seen in the following crash:\n\n Unable to handle kernel paging request at virtual address 0000000000014110\n pc : a6xx_gpu_busy+0x1c/0x58 [msm]\n lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]\n Call trace:\n a6xx_gpu_busy+0x1c/0x58 [msm] (P)\n devfreq_simple_ondemand_func+0x3c/0x150\n devfreq_update_target+0x44/0xd8\n qos_max_notifier_call+0x30/0x84\n blocking_notifier_call_chain+0x6c/0xa0\n pm_qos_update_target+0xd0/0x110\n freq_qos_apply+0x3c/0x74\n apply_constraint+0x88/0x148\n __dev_pm_qos_update_request+0x7c/0xcc\n dev_pm_qos_update_request+0x38/0x5c\n devfreq_cooling_set_cur_state+0x98/0xf0\n __thermal_cdev_update+0x64/0xb4\n thermal_cdev_update+0x4c/0x58\n step_wise_manage+0x1f0/0x318\n __thermal_zone_device_update+0x278/0x424\n __thermal_cooling_device_register+0x2bc/0x308\n thermal_of_cooling_device_register+0x10/0x1c\n of_devfreq_cooling_register_power+0x240/0x2bc\n of_devfreq_cooling_register+0x14/0x20\n msm_devfreq_init+0xc4/0x1a0 [msm]\n msm_gpu_init+0x304/0x574 [msm]\n adreno_gpu_init+0x1c4/0x2e0 [msm]\n a6xx_gpu_init+0x5c8/0x9c8 [msm]\n adreno_bind+0x2a8/0x33c [msm]\n ...\n\nAt this point we haven\u0027t initialized the GMU at all yet, so we cannot read\nthe GMU registers inside a6xx_gpu_busy(). A similar issue was fixed before\nin commit 6694482a70e9 (\"drm/msm: Avoid unclocked GMU register access in\n6xx gpu_busy\"): msm_devfreq_init() does call devfreq_suspend_device(), but\nunlike msm_devfreq_suspend(), it doesn\u0027t set the df-\u003esuspended flag\naccordingly. This means the df-\u003esuspended flag does not match the actual\ndevfreq state after initialization and msm_devfreq_get_dev_status() will\nend up accessing GMU registers, causing the crash.\n\nFix this by setting df-\u003esuspended correctly during initialization.\n\nPatchwork: https://patchwork.freedesktop.org/patch/650772/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38354",
"url": "https://www.suse.com/security/cve/CVE-2025-38354"
},
{
"category": "external",
"summary": "SUSE Bug 1247061 for CVE-2025-38354",
"url": "https://bugzilla.suse.com/1247061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38354"
},
{
"cve": "CVE-2025-38355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38355"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Process deferred GGTT node removals on device unwind\n\nWhile we are indirectly draining our dedicated workqueue ggtt-\u003ewq\nthat we use to complete asynchronous removal of some GGTT nodes,\nthis happends as part of the managed-drm unwinding (ggtt_fini_early),\nwhich could be later then manage-device unwinding, where we could\nalready unmap our MMIO/GMS mapping (mmio_fini).\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747340 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747540 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747240 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747040 tiles_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e746840 mmio_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747f40 xe_bo_pinned_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e746b40 devm_drm_dev_init_release (16 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] drmres release begin\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef81640 __fini_relay (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80d40 guc_ct_fini (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80040 __drmm_mutex_release (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80140 ggtt_fini_early (8 bytes)\n\nand this was leading to:\n\n [ ] BUG: unable to handle page fault for address: ffffc900058162a0\n [ ] #PF: supervisor write access in kernel mode\n [ ] #PF: error_code(0x0002) - not-present page\n [ ] Oops: Oops: 0002 [#1] SMP NOPTI\n [ ] Tainted: [W]=WARN\n [ ] Workqueue: xe-ggtt-wq ggtt_node_remove_work_func [xe]\n [ ] RIP: 0010:xe_ggtt_set_pte+0x6d/0x350 [xe]\n [ ] Call Trace:\n [ ] \u003cTASK\u003e\n [ ] xe_ggtt_clear+0xb0/0x270 [xe]\n [ ] ggtt_node_remove+0xbb/0x120 [xe]\n [ ] ggtt_node_remove_work_func+0x30/0x50 [xe]\n [ ] process_one_work+0x22b/0x6f0\n [ ] worker_thread+0x1e8/0x3d\n\nAdd managed-device action that will explicitly drain the workqueue\nwith all pending node removals prior to releasing MMIO/GSM mapping.\n\n(cherry picked from commit 89d2835c3680ab1938e22ad81b1c9f8c686bd391)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38355",
"url": "https://www.suse.com/security/cve/CVE-2025-38355"
},
{
"category": "external",
"summary": "SUSE Bug 1247062 for CVE-2025-38355",
"url": "https://bugzilla.suse.com/1247062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38355"
},
{
"cve": "CVE-2025-38356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38356"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc: Explicitly exit CT safe mode on unwind\n\nDuring driver probe we might be briefly using CT safe mode, which\nis based on a delayed work, but usually we are able to stop this\nonce we have IRQ fully operational. However, if we abort the probe\nquite early then during unwind we might try to destroy the workqueue\nwhile there is still a pending delayed work that attempts to restart\nitself which triggers a WARN.\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] ------------[ cut here ]------------\n [ ] workqueue: cannot queue safe_mode_worker_func [xe] on wq xe-g2h-wq\n [ ] WARNING: CPU: 9 PID: 0 at kernel/workqueue.c:2257 __queue_work+0x287/0x710\n [ ] RIP: 0010:__queue_work+0x287/0x710\n [ ] Call Trace:\n [ ] delayed_work_timer_fn+0x19/0x30\n [ ] call_timer_fn+0xa1/0x2a0\n\nExit the CT safe mode on unwind to avoid that warning.\n\n(cherry picked from commit 2ddbb73ec20b98e70a5200cb85deade22ccea2ec)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38356",
"url": "https://www.suse.com/security/cve/CVE-2025-38356"
},
{
"category": "external",
"summary": "SUSE Bug 1247064 for CVE-2025-38356",
"url": "https://bugzilla.suse.com/1247064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38356"
},
{
"cve": "CVE-2025-38359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38359"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Fix in_atomic() handling in do_secure_storage_access()\n\nKernel user spaces accesses to not exported pages in atomic context\nincorrectly try to resolve the page fault.\nWith debug options enabled call traces like this can be seen:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 419074, name: qemu-system-s39\npreempt_count: 1, expected: 0\nRCU nest depth: 0, expected: 0\nINFO: lockdep is turned off.\nPreemption disabled at:\n[\u003c00000383ea47cfa2\u003e] copy_page_from_iter_atomic+0xa2/0x8a0\nCPU: 12 UID: 0 PID: 419074 Comm: qemu-system-s39\nTainted: G W 6.16.0-20250531.rc0.git0.69b3a602feac.63.fc42.s390x+debug #1 PREEMPT\nTainted: [W]=WARN\nHardware name: IBM 3931 A01 703 (LPAR)\nCall Trace:\n [\u003c00000383e990d282\u003e] dump_stack_lvl+0xa2/0xe8\n [\u003c00000383e99bf152\u003e] __might_resched+0x292/0x2d0\n [\u003c00000383eaa7c374\u003e] down_read+0x34/0x2d0\n [\u003c00000383e99432f8\u003e] do_secure_storage_access+0x108/0x360\n [\u003c00000383eaa724b0\u003e] __do_pgm_check+0x130/0x220\n [\u003c00000383eaa842e4\u003e] pgm_check_handler+0x114/0x160\n [\u003c00000383ea47d028\u003e] copy_page_from_iter_atomic+0x128/0x8a0\n([\u003c00000383ea47d016\u003e] copy_page_from_iter_atomic+0x116/0x8a0)\n [\u003c00000383e9c45eae\u003e] generic_perform_write+0x16e/0x310\n [\u003c00000383e9eb87f4\u003e] ext4_buffered_write_iter+0x84/0x160\n [\u003c00000383e9da0de4\u003e] vfs_write+0x1c4/0x460\n [\u003c00000383e9da123c\u003e] ksys_write+0x7c/0x100\n [\u003c00000383eaa7284e\u003e] __do_syscall+0x15e/0x280\n [\u003c00000383eaa8417e\u003e] system_call+0x6e/0x90\nINFO: lockdep is turned off.\n\nIt is not allowed to take the mmap_lock while in atomic context. Therefore\nhandle such a secure storage access fault as if the accessed page is not\nmapped: the uaccess function will return -EFAULT, and the caller has to\ndeal with this. Usually this means that the access is retried in process\ncontext, which allows to resolve the page fault (or in this case export the\npage).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38359",
"url": "https://www.suse.com/security/cve/CVE-2025-38359"
},
{
"category": "external",
"summary": "SUSE Bug 1247076 for CVE-2025-38359",
"url": "https://bugzilla.suse.com/1247076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38359"
},
{
"cve": "CVE-2025-38360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38360"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add more checks for DSC / HUBP ONO guarantees\n\n[WHY]\nFor non-zero DSC instances it\u0027s possible that the HUBP domain required\nto drive it for sequential ONO ASICs isn\u0027t met, potentially causing\nthe logic to the tile to enter an undefined state leading to a system\nhang.\n\n[HOW]\nAdd more checks to ensure that the HUBP domain matching the DSC instance\nis appropriately powered.\n\n(cherry picked from commit da63df07112e5a9857a8d2aaa04255c4206754ec)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38360",
"url": "https://www.suse.com/security/cve/CVE-2025-38360"
},
{
"category": "external",
"summary": "SUSE Bug 1247078 for CVE-2025-38360",
"url": "https://bugzilla.suse.com/1247078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38360"
},
{
"cve": "CVE-2025-38361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38361"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check dce_hwseq before dereferencing it\n\n[WHAT]\n\nhws was checked for null earlier in dce110_blank_stream, indicating hws\ncan be null, and should be checked whenever it is used.\n\n(cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38361",
"url": "https://www.suse.com/security/cve/CVE-2025-38361"
},
{
"category": "external",
"summary": "SUSE Bug 1247079 for CVE-2025-38361",
"url": "https://bugzilla.suse.com/1247079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38361"
},
{
"cve": "CVE-2025-38362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check for get_first_active_display()\n\nThe function mod_hdcp_hdcp1_enable_encryption() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference in\nmod_hdcp_hdcp2_enable_encryption().\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38362",
"url": "https://www.suse.com/security/cve/CVE-2025-38362"
},
{
"category": "external",
"summary": "SUSE Bug 1247089 for CVE-2025-38362",
"url": "https://bugzilla.suse.com/1247089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38362"
},
{
"cve": "CVE-2025-38363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38363"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix a possible null pointer dereference\n\nIn tegra_crtc_reset(), new memory is allocated with kzalloc(), but\nno check is performed. Before calling __drm_atomic_helper_crtc_reset,\nstate should be checked to prevent possible null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38363",
"url": "https://www.suse.com/security/cve/CVE-2025-38363"
},
{
"category": "external",
"summary": "SUSE Bug 1247018 for CVE-2025-38363",
"url": "https://bugzilla.suse.com/1247018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38363"
},
{
"cve": "CVE-2025-38364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\n\nTemporarily clear the preallocation flag when explicitly requesting\nallocations. Pre-existing allocations are already counted against the\nrequest through mas_node_count_gfp(), but the allocations will not happen\nif the MA_STATE_PREALLOC flag is set. This flag is meant to avoid\nre-allocating in bulk allocation mode, and to detect issues with\npreallocation calculations.\n\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\nso that detection of underflow allocations will print a WARN_ON() during\nconsumption.\n\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\ndereference when subsequent requests for larger number of nodes is\nignored, such as the vma merge retry in mmap_region() caused by drivers\naltering the vma flags (which happens in v6.6, at least)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38364",
"url": "https://www.suse.com/security/cve/CVE-2025-38364"
},
{
"category": "external",
"summary": "SUSE Bug 1247091 for CVE-2025-38364",
"url": "https://bugzilla.suse.com/1247091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38364"
},
{
"cve": "CVE-2025-38365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a race between renames and directory logging\n\nWe have a race between a rename and directory inode logging that if it\nhappens and we crash/power fail before the rename completes, the next time\nthe filesystem is mounted, the log replay code will end up deleting the\nfile that was being renamed.\n\nThis is best explained following a step by step analysis of an interleaving\nof steps that lead into this situation.\n\nConsider the initial conditions:\n\n1) We are at transaction N;\n\n2) We have directories A and B created in a past transaction (\u003c N);\n\n3) We have inode X corresponding to a file that has 2 hardlinks, one in\n directory A and the other in directory B, so we\u0027ll name them as\n \"A/foo_link1\" and \"B/foo_link2\". Both hard links were persisted in a\n past transaction (\u003c N);\n\n4) We have inode Y corresponding to a file that as a single hard link and\n is located in directory A, we\u0027ll name it as \"A/bar\". This file was also\n persisted in a past transaction (\u003c N).\n\nThe steps leading to a file loss are the following and for all of them we\nare under transaction N:\n\n 1) Link \"A/foo_link1\" is removed, so inode\u0027s X last_unlink_trans field\n is updated to N, through btrfs_unlink() -\u003e btrfs_record_unlink_dir();\n\n 2) Task A starts a rename for inode Y, with the goal of renaming from\n \"A/bar\" to \"A/baz\", so we enter btrfs_rename();\n\n 3) Task A inserts the new BTRFS_INODE_REF_KEY for inode Y by calling\n btrfs_insert_inode_ref();\n\n 4) Because the rename happens in the same directory, we don\u0027t set the\n last_unlink_trans field of directoty A\u0027s inode to the current\n transaction id, that is, we don\u0027t cal btrfs_record_unlink_dir();\n\n 5) Task A then removes the entries from directory A (BTRFS_DIR_ITEM_KEY\n and BTRFS_DIR_INDEX_KEY items) when calling __btrfs_unlink_inode()\n (actually the dir index item is added as a delayed item, but the\n effect is the same);\n\n 6) Now before task A adds the new entry \"A/baz\" to directory A by\n calling btrfs_add_link(), another task, task B is logging inode X;\n\n 7) Task B starts a fsync of inode X and after logging inode X, at\n btrfs_log_inode_parent() it calls btrfs_log_all_parents(), since\n inode X has a last_unlink_trans value of N, set at in step 1;\n\n 8) At btrfs_log_all_parents() we search for all parent directories of\n inode X using the commit root, so we find directories A and B and log\n them. Bu when logging direct A, we don\u0027t have a dir index item for\n inode Y anymore, neither the old name \"A/bar\" nor for the new name\n \"A/baz\" since the rename has deleted the old name but has not yet\n inserted the new name - task A hasn\u0027t called yet btrfs_add_link() to\n do that.\n\n Note that logging directory A doesn\u0027t fallback to a transaction\n commit because its last_unlink_trans has a lower value than the\n current transaction\u0027s id (see step 4);\n\n 9) Task B finishes logging directories A and B and gets back to\n btrfs_sync_file() where it calls btrfs_sync_log() to persist the log\n tree;\n\n10) Task B successfully persisted the log tree, btrfs_sync_log() completed\n with success, and a power failure happened.\n\n We have a log tree without any directory entry for inode Y, so the\n log replay code deletes the entry for inode Y, name \"A/bar\", from the\n subvolume tree since it doesn\u0027t exist in the log tree and the log\n tree is authorative for its index (we logged a BTRFS_DIR_LOG_INDEX_KEY\n item that covers the index range for the dentry that corresponds to\n \"A/bar\").\n\n Since there\u0027s no other hard link for inode Y and the log replay code\n deletes the name \"A/bar\", the file is lost.\n\nThe issue wouldn\u0027t happen if task B synced the log only after task A\ncalled btrfs_log_new_name(), which would update the log with the new name\nfor inode Y (\"A/bar\").\n\nFix this by pinning the log root during renames before removing the old\ndirectory entry, and unpinning af\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38365",
"url": "https://www.suse.com/security/cve/CVE-2025-38365"
},
{
"category": "external",
"summary": "SUSE Bug 1247023 for CVE-2025-38365",
"url": "https://bugzilla.suse.com/1247023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38365"
},
{
"cve": "CVE-2025-38368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38368"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()\n\nThe returned value, pfsm-\u003emiscdev.name, from devm_kasprintf()\ncould be NULL.\nA pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\n\nThis issue is found by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38368",
"url": "https://www.suse.com/security/cve/CVE-2025-38368"
},
{
"category": "external",
"summary": "SUSE Bug 1247022 for CVE-2025-38368",
"url": "https://bugzilla.suse.com/1247022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38368"
},
{
"cve": "CVE-2025-38369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using\n\nRunning IDXD workloads in a container with the /dev directory mounted can\ntrigger a call trace or even a kernel panic when the parent process of the\ncontainer is terminated.\n\nThis issue occurs because, under certain configurations, Docker does not\nproperly propagate the mount replica back to the original mount point.\n\nIn this case, when the user driver detaches, the WQ is destroyed but it\nstill calls destroy_workqueue() attempting to completes all pending work.\nIt\u0027s necessary to check wq-\u003ewq and skip the drain if it no longer exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38369",
"url": "https://www.suse.com/security/cve/CVE-2025-38369"
},
{
"category": "external",
"summary": "SUSE Bug 1247209 for CVE-2025-38369",
"url": "https://bugzilla.suse.com/1247209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38369"
},
{
"cve": "CVE-2025-38371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Disable interrupts before resetting the GPU\n\nCurrently, an interrupt can be triggered during a GPU reset, which can\nlead to GPU hangs and NULL pointer dereference in an interrupt context\nas shown in the following trace:\n\n [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n [ 314.043822] Mem abort info:\n [ 314.046606] ESR = 0x0000000096000005\n [ 314.050347] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 314.055651] SET = 0, FnV = 0\n [ 314.058695] EA = 0, S1PTW = 0\n [ 314.061826] FSC = 0x05: level 1 translation fault\n [ 314.066694] Data abort info:\n [ 314.069564] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n [ 314.075039] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [ 314.080080] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [ 314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000\n [ 314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n [ 314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n [ 314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n [ 314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n [ 314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n [ 314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 314.152165] pc : v3d_irq+0xec/0x2e0 [v3d]\n [ 314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d]\n [ 314.160198] sp : ffffffc080003ea0\n [ 314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000\n [ 314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0\n [ 314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000\n [ 314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000\n [ 314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000\n [ 314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001\n [ 314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874\n [ 314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180\n [ 314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb\n [ 314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n [ 314.234807] Call trace:\n [ 314.237243] v3d_irq+0xec/0x2e0 [v3d]\n [ 314.240906] __handle_irq_event_percpu+0x58/0x218\n [ 314.245609] handle_irq_event+0x54/0xb8\n [ 314.249439] handle_fasteoi_irq+0xac/0x240\n [ 314.253527] handle_irq_desc+0x48/0x68\n [ 314.257269] generic_handle_domain_irq+0x24/0x38\n [ 314.261879] gic_handle_irq+0x48/0xd8\n [ 314.265533] call_on_irq_stack+0x24/0x58\n [ 314.269448] do_interrupt_handler+0x88/0x98\n [ 314.273624] el1_interrupt+0x34/0x68\n [ 314.277193] el1h_64_irq_handler+0x18/0x28\n [ 314.281281] el1h_64_irq+0x64/0x68\n [ 314.284673] default_idle_call+0x3c/0x168\n [ 314.288675] do_idle+0x1fc/0x230\n [ 314.291895] cpu_startup_entry+0x3c/0x50\n [ 314.295810] rest_init+0xe4/0xf0\n [ 314.299030] start_kernel+0x5e8/0x790\n [ 314.302684] __primary_switched+0x80/0x90\n [ 314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017)\n [ 314.312775] ---[ end trace 0000000000000000 ]---\n [ 314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n [ 314.324249] SMP: stopping secondary CPUs\n [ 314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000\n [ 314.334076] PHYS_OFFSET: 0x0\n [ 314.336946] CPU features: 0x08,00002013,c0200000,0200421b\n [ 314.342337] Memory Limit: none\n [ 314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nBefore resetting the G\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38371",
"url": "https://www.suse.com/security/cve/CVE-2025-38371"
},
{
"category": "external",
"summary": "SUSE Bug 1247178 for CVE-2025-38371",
"url": "https://bugzilla.suse.com/1247178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38371"
},
{
"cve": "CVE-2025-38372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38372"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix unsafe xarray access in implicit ODP handling\n\n__xa_store() and __xa_erase() were used without holding the proper lock,\nwhich led to a lockdep warning due to unsafe RCU usage. This patch\nreplaces them with xa_store() and xa_erase(), which perform the necessary\nlocking internally.\n\n =============================\n WARNING: suspicious RCPU usage\n 6.14.0-rc7_for_upstream_debug_2025_03_18_15_01 #1 Not tainted\n -----------------------------\n ./include/linux/xarray.h:1211 suspicious rcu_dereference_protected() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 3 locks held by kworker/u136:0/219:\n at: process_one_work+0xbe4/0x15f0\n process_one_work+0x75c/0x15f0\n pagefault_mr+0x9a5/0x1390 [mlx5_ib]\n\n stack backtrace:\n CPU: 14 UID: 0 PID: 219 Comm: kworker/u136:0 Not tainted\n 6.14.0-rc7_for_upstream_debug_2025_03_18_15_01 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib]\n Call Trace:\n dump_stack_lvl+0xa8/0xc0\n lockdep_rcu_suspicious+0x1e6/0x260\n xas_create+0xb8a/0xee0\n xas_store+0x73/0x14c0\n __xa_store+0x13c/0x220\n ? xa_store_range+0x390/0x390\n ? spin_bug+0x1d0/0x1d0\n pagefault_mr+0xcb5/0x1390 [mlx5_ib]\n ? _raw_spin_unlock+0x1f/0x30\n mlx5_ib_eqe_pf_action+0x3be/0x2620 [mlx5_ib]\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? mlx5_ib_invalidate_range+0xcb0/0xcb0 [mlx5_ib]\n process_one_work+0x7db/0x15f0\n ? pwq_dec_nr_in_flight+0xda0/0xda0\n ? assign_work+0x168/0x240\n worker_thread+0x57d/0xcd0\n ? rescuer_thread+0xc40/0xc40\n kthread+0x3b3/0x800\n ? kthread_is_per_cpu+0xb0/0xb0\n ? lock_downgrade+0x680/0x680\n ? do_raw_spin_lock+0x12d/0x270\n ? spin_bug+0x1d0/0x1d0\n ? finish_task_switch.isra.0+0x284/0x9e0\n ? lockdep_hardirqs_on_prepare+0x284/0x400\n ? kthread_is_per_cpu+0xb0/0xb0\n ret_from_fork+0x2d/0x70\n ? kthread_is_per_cpu+0xb0/0xb0\n ret_from_fork_asm+0x11/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38372",
"url": "https://www.suse.com/security/cve/CVE-2025-38372"
},
{
"category": "external",
"summary": "SUSE Bug 1247020 for CVE-2025-38372",
"url": "https://bugzilla.suse.com/1247020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38372"
},
{
"cve": "CVE-2025-38373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38373"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix potential deadlock in MR deregistration\n\nThe issue arises when kzalloc() is invoked while holding umem_mutex or\nany other lock acquired under umem_mutex. This is problematic because\nkzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke\nmmu_notifier_invalidate_range_start(). This function can lead to\nmlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again,\nresulting in a deadlock.\n\nThe problematic flow:\n CPU0 | CPU1\n---------------------------------------|------------------------------------------------\nmlx5_ib_dereg_mr() |\n -\u003e revoke_mr() |\n -\u003e mutex_lock(\u0026umem_odp-\u003eumem_mutex) |\n | mlx5_mkey_cache_init()\n | -\u003e mutex_lock(\u0026dev-\u003ecache.rb_lock)\n | -\u003e mlx5r_cache_create_ent_locked()\n | -\u003e kzalloc(GFP_KERNEL)\n | -\u003e fs_reclaim()\n | -\u003e mmu_notifier_invalidate_range_start()\n | -\u003e mlx5_ib_invalidate_range()\n | -\u003e mutex_lock(\u0026umem_odp-\u003eumem_mutex)\n -\u003e cache_ent_find_and_store() |\n -\u003e mutex_lock(\u0026dev-\u003ecache.rb_lock) |\n\nAdditionally, when kzalloc() is called from within\ncache_ent_find_and_store(), we encounter the same deadlock due to\nre-acquisition of umem_mutex.\n\nSolve by releasing umem_mutex in dereg_mr() after umr_revoke_mr()\nand before acquiring rb_lock. This ensures that we don\u0027t hold\numem_mutex while performing memory allocations that could trigger\nthe reclaim path.\n\nThis change prevents the deadlock by ensuring proper lock ordering and\navoiding holding locks during memory allocation operations that could\ntrigger the reclaim path.\n\nThe following lockdep warning demonstrates the deadlock:\n\n python3/20557 is trying to acquire lock:\n ffff888387542128 (\u0026umem_odp-\u003eumem_mutex){+.+.}-{4:4}, at:\n mlx5_ib_invalidate_range+0x5b/0x550 [mlx5_ib]\n\n but task is already holding lock:\n ffffffff82f6b840 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at:\n unmap_vmas+0x7b/0x1a0\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\n fs_reclaim_acquire+0x60/0xd0\n mem_cgroup_css_alloc+0x6f/0x9b0\n cgroup_init_subsys+0xa4/0x240\n cgroup_init+0x1c8/0x510\n start_kernel+0x747/0x760\n x86_64_start_reservations+0x25/0x30\n x86_64_start_kernel+0x73/0x80\n common_startup_64+0x129/0x138\n\n -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n fs_reclaim_acquire+0x91/0xd0\n __kmalloc_cache_noprof+0x4d/0x4c0\n mlx5r_cache_create_ent_locked+0x75/0x620 [mlx5_ib]\n mlx5_mkey_cache_init+0x186/0x360 [mlx5_ib]\n mlx5_ib_stage_post_ib_reg_umr_init+0x3c/0x60 [mlx5_ib]\n __mlx5_ib_add+0x4b/0x190 [mlx5_ib]\n mlx5r_probe+0xd9/0x320 [mlx5_ib]\n auxiliary_bus_probe+0x42/0x70\n really_probe+0xdb/0x360\n __driver_probe_device+0x8f/0x130\n driver_probe_device+0x1f/0xb0\n __driver_attach+0xd4/0x1f0\n bus_for_each_dev+0x79/0xd0\n bus_add_driver+0xf0/0x200\n driver_register+0x6e/0xc0\n __auxiliary_driver_register+0x6a/0xc0\n do_one_initcall+0x5e/0x390\n do_init_module+0x88/0x240\n init_module_from_file+0x85/0xc0\n idempotent_init_module+0x104/0x300\n __x64_sys_finit_module+0x68/0xc0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n -\u003e #1 (\u0026dev-\u003ecache.rb_lock){+.+.}-{4:4}:\n __mutex_lock+0x98/0xf10\n __mlx5_ib_dereg_mr+0x6f2/0x890 [mlx5_ib]\n mlx5_ib_dereg_mr+0x21/0x110 [mlx5_ib]\n ib_dereg_mr_user+0x85/0x1f0 [ib_core]\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38373",
"url": "https://www.suse.com/security/cve/CVE-2025-38373"
},
{
"category": "external",
"summary": "SUSE Bug 1247033 for CVE-2025-38373",
"url": "https://bugzilla.suse.com/1247033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38373"
},
{
"cve": "CVE-2025-38374",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38374"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\noptee: ffa: fix sleep in atomic context\n\nThe OP-TEE driver registers the function notif_callback() for FF-A\nnotifications. However, this function is called in an atomic context\nleading to errors like this when processing asynchronous notifications:\n\n | BUG: sleeping function called from invalid context at kernel/locking/mutex.c:258\n | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9, name: kworker/0:0\n | preempt_count: 1, expected: 0\n | RCU nest depth: 0, expected: 0\n | CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.14.0-00019-g657536ebe0aa #13\n | Hardware name: linux,dummy-virt (DT)\n | Workqueue: ffa_pcpu_irq_notification notif_pcpu_irq_work_fn\n | Call trace:\n | show_stack+0x18/0x24 (C)\n | dump_stack_lvl+0x78/0x90\n | dump_stack+0x18/0x24\n | __might_resched+0x114/0x170\n | __might_sleep+0x48/0x98\n | mutex_lock+0x24/0x80\n | optee_get_msg_arg+0x7c/0x21c\n | simple_call_with_arg+0x50/0xc0\n | optee_do_bottom_half+0x14/0x20\n | notif_callback+0x3c/0x48\n | handle_notif_callbacks+0x9c/0xe0\n | notif_get_and_handle+0x40/0x88\n | generic_exec_single+0x80/0xc0\n | smp_call_function_single+0xfc/0x1a0\n | notif_pcpu_irq_work_fn+0x2c/0x38\n | process_one_work+0x14c/0x2b4\n | worker_thread+0x2e4/0x3e0\n | kthread+0x13c/0x210\n | ret_from_fork+0x10/0x20\n\nFix this by adding work queue to process the notification in a\nnon-atomic context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38374",
"url": "https://www.suse.com/security/cve/CVE-2025-38374"
},
{
"category": "external",
"summary": "SUSE Bug 1247024 for CVE-2025-38374",
"url": "https://bugzilla.suse.com/1247024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38374"
},
{
"cve": "CVE-2025-38375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38375"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: ensure the received length does not exceed allocated size\n\nIn xdp_linearize_page, when reading the following buffers from the ring,\nwe forget to check the received length with the true allocate size. This\ncan lead to an out-of-bound read. This commit adds that missing check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38375",
"url": "https://www.suse.com/security/cve/CVE-2025-38375"
},
{
"category": "external",
"summary": "SUSE Bug 1247177 for CVE-2025-38375",
"url": "https://bugzilla.suse.com/1247177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38375"
},
{
"cve": "CVE-2025-38376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38376"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: udc: disconnect/reconnect from host when do suspend/resume\n\nShawn and John reported a hang issue during system suspend as below:\n\n - USB gadget is enabled as Ethernet\n - There is data transfer over USB Ethernet (scp a big file between host\n and device)\n - Device is going in/out suspend (echo mem \u003e /sys/power/state)\n\nThe root cause is the USB device controller is suspended but the USB bus\nis still active which caused the USB host continues to transfer data with\ndevice and the device continues to queue USB requests (in this case, a\ndelayed TCP ACK packet trigger the issue) after controller is suspended,\nhowever the USB controller clock is already gated off. Then if udc driver\naccess registers after that point, the system will hang.\n\nThe correct way to avoid such issue is to disconnect device from host when\nthe USB bus is not at suspend state. Then the host will receive disconnect\nevent and stop data transfer in time. To continue make USB gadget device\nwork after system resume, this will reconnect device automatically.\n\nTo make usb wakeup work if USB bus is already at suspend state, this will\nkeep connection for it only when USB device controller has enabled wakeup\ncapability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38376",
"url": "https://www.suse.com/security/cve/CVE-2025-38376"
},
{
"category": "external",
"summary": "SUSE Bug 1247176 for CVE-2025-38376",
"url": "https://bugzilla.suse.com/1247176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38376"
},
{
"cve": "CVE-2025-38377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: fix dangling neighbour pointers in rose_rt_device_down()\n\nThere are two bugs in rose_rt_device_down() that can cause\nuse-after-free:\n\n1. The loop bound `t-\u003ecount` is modified within the loop, which can\n cause the loop to terminate early and miss some entries.\n\n2. When removing an entry from the neighbour array, the subsequent entries\n are moved up to fill the gap, but the loop index `i` is still\n incremented, causing the next entry to be skipped.\n\nFor example, if a node has three neighbours (A, A, B) with count=3 and A\nis being removed, the second A is not checked.\n\n i=0: (A, A, B) -\u003e (A, B) with count=2\n ^ checked\n i=1: (A, B) -\u003e (A, B) with count=2\n ^ checked (B, not A!)\n i=2: (doesn\u0027t occur because i \u003c count is false)\n\nThis leaves the second A in the array with count=2, but the rose_neigh\nstructure has been freed. Code that accesses these entries assumes that\nthe first `count` entries are valid pointers, causing a use-after-free\nwhen it accesses the dangling pointer.\n\nFix both issues by iterating over the array in reverse order with a fixed\nloop bound. This ensures that all entries are examined and that the removal\nof an entry doesn\u0027t affect subsequent iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38377",
"url": "https://www.suse.com/security/cve/CVE-2025-38377"
},
{
"category": "external",
"summary": "SUSE Bug 1247174 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "external",
"summary": "SUSE Bug 1247175 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38377"
},
{
"cve": "CVE-2025-38380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38380"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38380",
"url": "https://www.suse.com/security/cve/CVE-2025-38380"
},
{
"category": "external",
"summary": "SUSE Bug 1247028 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "external",
"summary": "SUSE Bug 1247029 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38380"
},
{
"cve": "CVE-2025-38381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38381"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt()\n\nThe cs40l50_upload_owt() function allocates memory via kmalloc()\nwithout checking for allocation failure, which could lead to a\nNULL pointer dereference.\n\nReturn -ENOMEM in case allocation fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38381",
"url": "https://www.suse.com/security/cve/CVE-2025-38381"
},
{
"category": "external",
"summary": "SUSE Bug 1247027 for CVE-2025-38381",
"url": "https://bugzilla.suse.com/1247027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38381"
},
{
"cve": "CVE-2025-38382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38382"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix iteration of extrefs during log replay\n\nAt __inode_add_ref() when processing extrefs, if we jump into the next\nlabel we have an undefined value of victim_name.len, since we haven\u0027t\ninitialized it before we did the goto. This results in an invalid memory\naccess in the next iteration of the loop since victim_name.len was not\ninitialized to the length of the name of the current extref.\n\nFix this by initializing victim_name.len with the current extref\u0027s name\nlength.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38382",
"url": "https://www.suse.com/security/cve/CVE-2025-38382"
},
{
"category": "external",
"summary": "SUSE Bug 1247031 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "external",
"summary": "SUSE Bug 1247032 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38382"
},
{
"cve": "CVE-2025-38383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38383"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix data race in show_numa_info()\n\nThe following data-race was found in show_numa_info():\n\n==================================================================\nBUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show\n\nread to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0:\n show_numa_info mm/vmalloc.c:4936 [inline]\n vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016\n seq_read_iter+0x373/0xb40 fs/seq_file.c:230\n proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299\n....\n\nwrite to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1:\n show_numa_info mm/vmalloc.c:4934 [inline]\n vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016\n seq_read_iter+0x373/0xb40 fs/seq_file.c:230\n proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299\n....\n\nvalue changed: 0x0000008f -\u003e 0x00000000\n==================================================================\n\nAccording to this report,there is a read/write data-race because\nm-\u003eprivate is accessible to multiple CPUs. To fix this, instead of\nallocating the heap in proc_vmalloc_init() and passing the heap address to\nm-\u003eprivate, vmalloc_info_show() should allocate the heap.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38383",
"url": "https://www.suse.com/security/cve/CVE-2025-38383"
},
{
"category": "external",
"summary": "SUSE Bug 1247250 for CVE-2025-38383",
"url": "https://bugzilla.suse.com/1247250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38383"
},
{
"cve": "CVE-2025-38384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38384"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: fix memory leak of ECC engine conf\n\nMemory allocated for the ECC engine conf is not released during spinand\ncleanup. Below kmemleak trace is seen for this memory leak:\n\nunreferenced object 0xffffff80064f00e0 (size 8):\n comm \"swapper/0\", pid 1, jiffies 4294937458\n hex dump (first 8 bytes):\n 00 00 00 00 00 00 00 00 ........\n backtrace (crc 0):\n kmemleak_alloc+0x30/0x40\n __kmalloc_cache_noprof+0x208/0x3c0\n spinand_ondie_ecc_init_ctx+0x114/0x200\n nand_ecc_init_ctx+0x70/0xa8\n nanddev_ecc_engine_init+0xec/0x27c\n spinand_probe+0xa2c/0x1620\n spi_mem_probe+0x130/0x21c\n spi_probe+0xf0/0x170\n really_probe+0x17c/0x6e8\n __driver_probe_device+0x17c/0x21c\n driver_probe_device+0x58/0x180\n __device_attach_driver+0x15c/0x1f8\n bus_for_each_drv+0xec/0x150\n __device_attach+0x188/0x24c\n device_initial_probe+0x10/0x20\n bus_probe_device+0x11c/0x160\n\nFix the leak by calling nanddev_ecc_engine_cleanup() inside\nspinand_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38384",
"url": "https://www.suse.com/security/cve/CVE-2025-38384"
},
{
"category": "external",
"summary": "SUSE Bug 1247035 for CVE-2025-38384",
"url": "https://bugzilla.suse.com/1247035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38384"
},
{
"cve": "CVE-2025-38385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38385"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n __netif_napi_del_locked+0x2b4/0x350 (P)\n lan78xx_disconnect+0xf4/0x360\n usb_unbind_interface+0x158/0x718\n device_remove+0x100/0x150\n device_release_driver_internal+0x308/0x478\n device_release_driver+0x1c/0x30\n bus_remove_device+0x1a8/0x368\n device_del+0x2e0/0x7b0\n usb_disable_device+0x244/0x540\n usb_disconnect+0x220/0x758\n hub_event+0x105c/0x35e0\n process_one_work+0x760/0x17b0\n worker_thread+0x768/0xce8\n kthread+0x3bc/0x690\n ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last enabled at (211603): [\u003cffffffc0828cc9ec\u003e] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [\u003cffffffc0828a9a84\u003e] el1_dbg+0x24/0x80\n softirqs last enabled at (211296): [\u003cffffffc080095f10\u003e] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [\u003cffffffc080010288\u003e] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38385",
"url": "https://www.suse.com/security/cve/CVE-2025-38385"
},
{
"category": "external",
"summary": "SUSE Bug 1247149 for CVE-2025-38385",
"url": "https://bugzilla.suse.com/1247149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38385"
},
{
"cve": "CVE-2025-38386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Refuse to evaluate a method if arguments are missing\n\nAs reported in [1], a platform firmware update that increased the number\nof method parameters and forgot to update a least one of its callers,\ncaused ACPICA to crash due to use-after-free.\n\nSince this a result of a clear AML issue that arguably cannot be fixed\nup by the interpreter (it cannot produce missing data out of thin air),\naddress it by making ACPICA refuse to evaluate a method if the caller\nattempts to pass fewer arguments than expected to it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38386",
"url": "https://www.suse.com/security/cve/CVE-2025-38386"
},
{
"category": "external",
"summary": "SUSE Bug 1247138 for CVE-2025-38386",
"url": "https://bugzilla.suse.com/1247138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38386"
},
{
"cve": "CVE-2025-38387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38387"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert\n\nThe obj_event may be loaded immediately after inserted, then if the\nlist_head is not initialized then we may get a poisonous pointer. This\nfixes the crash below:\n\n mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)\n mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056\n mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0\n mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps\n IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000\n [0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] SMP\n Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E)\n [last unloaded: mst_pci]\n CPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G OE K 5.10.134-13.1.an8.aarch64 #1\n Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023\n pstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)\n pc : dispatch_event_fd+0x68/0x300 [mlx5_ib]\n lr : devx_event_notifier+0xcc/0x228 [mlx5_ib]\n sp : ffff80001005bcf0\n x29: ffff80001005bcf0 x28: 0000000000000001\n x27: ffff244e0740a1d8 x26: ffff244e0740a1d0\n x25: ffffda56beff5ae0 x24: ffffda56bf911618\n x23: ffff244e0596a480 x22: ffff244e0596a480\n x21: ffff244d8312ad90 x20: ffff244e0596a480\n x19: fffffffffffffff0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffda56be66d620\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000040 x10: ffffda56bfcafb50\n x9 : ffffda5655c25f2c x8 : 0000000000000010\n x7 : 0000000000000000 x6 : ffff24545a2e24b8\n x5 : 0000000000000003 x4 : ffff80001005bd28\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : ffff244e0596a480 x0 : ffff244d8312ad90\n Call trace:\n dispatch_event_fd+0x68/0x300 [mlx5_ib]\n devx_event_notifier+0xcc/0x228 [mlx5_ib]\n atomic_notifier_call_chain+0x58/0x80\n mlx5_eq_async_int+0x148/0x2b0 [mlx5_core]\n atomic_notifier_call_chain+0x58/0x80\n irq_int_handler+0x20/0x30 [mlx5_core]\n __handle_irq_event_percpu+0x60/0x220\n handle_irq_event_percpu+0x3c/0x90\n handle_irq_event+0x58/0x158\n handle_fasteoi_irq+0xfc/0x188\n generic_handle_irq+0x34/0x48\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38387",
"url": "https://www.suse.com/security/cve/CVE-2025-38387"
},
{
"category": "external",
"summary": "SUSE Bug 1247154 for CVE-2025-38387",
"url": "https://bugzilla.suse.com/1247154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38387"
},
{
"cve": "CVE-2025-38389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38389"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix timeline left held on VMA alloc error\n\nThe following error has been reported sporadically by CI when a test\nunbinds the i915 driver on a ring submission platform:\n\n\u003c4\u003e [239.330153] ------------[ cut here ]------------\n\u003c4\u003e [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv-\u003emm.shrink_count)\n\u003c4\u003e [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330942] Call Trace:\n\u003c4\u003e [239.330944] \u003cTASK\u003e\n\u003c4\u003e [239.330949] i915_driver_late_release+0x2b/0xa0 [i915]\n\u003c4\u003e [239.331202] i915_driver_release+0x86/0xa0 [i915]\n\u003c4\u003e [239.331482] devm_drm_dev_init_release+0x61/0x90\n\u003c4\u003e [239.331494] devm_action_release+0x15/0x30\n\u003c4\u003e [239.331504] release_nodes+0x3d/0x120\n\u003c4\u003e [239.331517] devres_release_all+0x96/0xd0\n\u003c4\u003e [239.331533] device_unbind_cleanup+0x12/0x80\n\u003c4\u003e [239.331543] device_release_driver_internal+0x23a/0x280\n\u003c4\u003e [239.331550] ? bus_find_device+0xa5/0xe0\n\u003c4\u003e [239.331563] device_driver_detach+0x14/0x20\n...\n\u003c4\u003e [357.719679] ---[ end trace 0000000000000000 ]---\n\nIf the test also unloads the i915 module then that\u0027s followed with:\n\n\u003c3\u003e [357.787478] =============================================================================\n\u003c3\u003e [357.788006] BUG i915_vma (Tainted: G U W N ): Objects remaining on __kmem_cache_shutdown()\n\u003c3\u003e [357.788031] -----------------------------------------------------------------------------\n\u003c3\u003e [357.788204] Object 0xffff888109e7f480 @offset=29824\n\u003c3\u003e [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244\n\u003c4\u003e [357.788994] i915_vma_instance+0xee/0xc10 [i915]\n\u003c4\u003e [357.789290] init_status_page+0x7b/0x420 [i915]\n\u003c4\u003e [357.789532] intel_engines_init+0x1d8/0x980 [i915]\n\u003c4\u003e [357.789772] intel_gt_init+0x175/0x450 [i915]\n\u003c4\u003e [357.790014] i915_gem_init+0x113/0x340 [i915]\n\u003c4\u003e [357.790281] i915_driver_probe+0x847/0xed0 [i915]\n\u003c4\u003e [357.790504] i915_pci_probe+0xe6/0x220 [i915]\n...\n\nCloser analysis of CI results history has revealed a dependency of the\nerror on a few IGT tests, namely:\n- igt@api_intel_allocator@fork-simple-stress-signal,\n- igt@api_intel_allocator@two-level-inception-interruptible,\n- igt@gem_linear_blits@interruptible,\n- igt@prime_mmap_coherency@ioctl-errors,\nwhich invisibly trigger the issue, then exhibited with first driver unbind\nattempt.\n\nAll of the above tests perform actions which are actively interrupted with\nsignals. Further debugging has allowed to narrow that scope down to\nDRM_IOCTL_I915_GEM_EXECBUFFER2, and ring_context_alloc(), specific to ring\nsubmission, in particular.\n\nIf successful then that function, or its execlists or GuC submission\nequivalent, is supposed to be called only once per GEM context engine,\nfollowed by raise of a flag that prevents the function from being called\nagain. The function is expected to unwind its internal errors itself, so\nit may be safely called once more after it returns an error.\n\nIn case of ring submission, the function first gets a reference to the\nengine\u0027s legacy timeline and then allocates a VMA. If the VMA allocation\nfails, e.g. when i915_vma_instance() called from inside is interrupted\nwith a signal, then ring_context_alloc() fails, leaving the timeline held\nreferenced. On next I915_GEM_EXECBUFFER2 IOCTL, another reference to the\ntimeline is got, and only that last one is put on successful completion.\nAs a consequence, the legacy timeline, with its underlying engine status\npage\u0027s VMA object, is still held and not released on driver unbind.\n\nGet the legacy timeline only after successful allocation of the context\nengine\u0027s VMA.\n\nv2: Add a note on other submission methods (Krzysztof Karas):\n Both execlists and GuC submission use lrc_alloc() which seems free\n from a similar issue.\n\n(cherry picked from commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38389",
"url": "https://www.suse.com/security/cve/CVE-2025-38389"
},
{
"category": "external",
"summary": "SUSE Bug 1247153 for CVE-2025-38389",
"url": "https://bugzilla.suse.com/1247153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38389"
},
{
"cve": "CVE-2025-38390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38390"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_ffa: Fix memory leak by freeing notifier callback node\n\nCommit e0573444edbf (\"firmware: arm_ffa: Add interfaces to request\nnotification callbacks\") adds support for notifier callbacks by allocating\nand inserting a callback node into a hashtable during registration of\nnotifiers. However, during unregistration, the code only removes the\nnode from the hashtable without freeing the associated memory, resulting\nin a memory leak.\n\nResolve the memory leak issue by ensuring the allocated notifier callback\nnode is properly freed after it is removed from the hashtable entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38390",
"url": "https://www.suse.com/security/cve/CVE-2025-38390"
},
{
"category": "external",
"summary": "SUSE Bug 1247088 for CVE-2025-38390",
"url": "https://bugzilla.suse.com/1247088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38390"
},
{
"cve": "CVE-2025-38391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38391"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\n\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\n\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i \u003c DP_PIN_ASSIGN_MAX as a loop\ncondition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38391",
"url": "https://www.suse.com/security/cve/CVE-2025-38391"
},
{
"category": "external",
"summary": "SUSE Bug 1247181 for CVE-2025-38391",
"url": "https://bugzilla.suse.com/1247181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38391"
},
{
"cve": "CVE-2025-38392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38392"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert control queue mutex to a spinlock\n\nWith VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated\non module load:\n\n[ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578\n[ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager\n[ 324.701689] preempt_count: 201, expected: 0\n[ 324.701693] RCU nest depth: 0, expected: 0\n[ 324.701697] 2 locks held by NetworkManager/1582:\n[ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0\n[ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870\n[ 324.701749] Preemption disabled at:\n[ 324.701752] [\u003cffffffff9cd23b9d\u003e] __dev_open+0x3dd/0x870\n[ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)\n[ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022\n[ 324.701774] Call Trace:\n[ 324.701777] \u003cTASK\u003e\n[ 324.701779] dump_stack_lvl+0x5d/0x80\n[ 324.701788] ? __dev_open+0x3dd/0x870\n[ 324.701793] __might_resched.cold+0x1ef/0x23d\n\u003c..\u003e\n[ 324.701818] __mutex_lock+0x113/0x1b80\n\u003c..\u003e\n[ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]\n[ 324.701935] ? kasan_save_track+0x14/0x30\n[ 324.701941] idpf_mb_clean+0x143/0x380 [idpf]\n\u003c..\u003e\n[ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf]\n[ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf]\n[ 324.702021] ? rcu_is_watching+0x12/0xc0\n[ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]\n\u003c..\u003e\n[ 324.702122] __hw_addr_sync_dev+0x1cf/0x300\n[ 324.702126] ? find_held_lock+0x32/0x90\n[ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf]\n[ 324.702152] __dev_open+0x3f8/0x870\n[ 324.702159] ? __pfx___dev_open+0x10/0x10\n[ 324.702174] __dev_change_flags+0x443/0x650\n\u003c..\u003e\n[ 324.702208] netif_change_flags+0x80/0x160\n[ 324.702218] do_setlink.isra.0+0x16a0/0x3960\n\u003c..\u003e\n[ 324.702349] rtnl_newlink+0x12fd/0x21e0\n\nThe sequence is as follows:\n\trtnl_newlink()-\u003e\n\t__dev_change_flags()-\u003e\n\t__dev_open()-\u003e\n\tdev_set_rx_mode() - \u003e # disables BH and grabs \"dev-\u003eaddr_list_lock\"\n\tidpf_set_rx_mode() -\u003e # proceed only if VIRTCHNL2_CAP_MACFILTER is ON\n\t__dev_uc_sync() -\u003e\n\tidpf_add_mac_filter -\u003e\n\tidpf_add_del_mac_filters -\u003e\n\tidpf_send_mb_msg() -\u003e\n\tidpf_mb_clean() -\u003e\n\tidpf_ctlq_clean_sq() # mutex_lock(cq_lock)\n\nFix by converting cq_lock to a spinlock. All operations under the new\nlock are safe except freeing the DMA memory, which may use vunmap(). Fix\nby requesting a contiguous physical memory for the DMA mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38392",
"url": "https://www.suse.com/security/cve/CVE-2025-38392"
},
{
"category": "external",
"summary": "SUSE Bug 1247169 for CVE-2025-38392",
"url": "https://bugzilla.suse.com/1247169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38392"
},
{
"cve": "CVE-2025-38393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38393"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN\n\nWe found a few different systems hung up in writeback waiting on the same\npage lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in\npnfs_update_layout(), however the pnfs_layout_hdr\u0027s plh_outstanding count\nwas zero.\n\nIt seems most likely that this is another race between the waiter and waker\nsimilar to commit ed0172af5d6f (\"SUNRPC: Fix a race to wake a sync task\").\nFix it up by applying the advised barrier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38393",
"url": "https://www.suse.com/security/cve/CVE-2025-38393"
},
{
"category": "external",
"summary": "SUSE Bug 1247170 for CVE-2025-38393",
"url": "https://bugzilla.suse.com/1247170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38393"
},
{
"cve": "CVE-2025-38395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\n\ndrvdata::gpiods is supposed to hold an array of \u0027gpio_desc\u0027 pointers. But\nthe memory is allocated for only one pointer. This will lead to\nout-of-bounds access later in the code if \u0027config::ngpios\u0027 is \u003e 1. So\nfix the code to allocate enough memory to hold \u0027config::ngpios\u0027 of GPIO\ndescriptors.\n\nWhile at it, also move the check for memory allocation failure to be below\nthe allocation to make it more readable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38395",
"url": "https://www.suse.com/security/cve/CVE-2025-38395"
},
{
"category": "external",
"summary": "SUSE Bug 1247171 for CVE-2025-38395",
"url": "https://bugzilla.suse.com/1247171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38395"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38397"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-multipath: fix suspicious RCU usage warning\n\nWhen I run the NVME over TCP test in virtme-ng, I get the following\n\"suspicious RCU usage\" warning in nvme_mpath_add_sysfs_link():\n\n\u0027\u0027\u0027\n[ 5.024557][ T44] nvmet: Created nvm controller 1 for subsystem nqn.2025-06.org.nvmexpress.mptcp for NQN nqn.2014-08.org.nvmexpress:uuid:f7f6b5e0-ff97-4894-98ac-c85309e0bc77.\n[ 5.027401][ T183] nvme nvme0: creating 2 I/O queues.\n[ 5.029017][ T183] nvme nvme0: mapped 2/0/0 default/read/poll queues.\n[ 5.032587][ T183] nvme nvme0: new ctrl: NQN \"nqn.2025-06.org.nvmexpress.mptcp\", addr 127.0.0.1:4420, hostnqn: nqn.2014-08.org.nvmexpress:uuid:f7f6b5e0-ff97-4894-98ac-c85309e0bc77\n[ 5.042214][ T25]\n[ 5.042440][ T25] =============================\n[ 5.042579][ T25] WARNING: suspicious RCU usage\n[ 5.042705][ T25] 6.16.0-rc3+ #23 Not tainted\n[ 5.042812][ T25] -----------------------------\n[ 5.042934][ T25] drivers/nvme/host/multipath.c:1203 RCU-list traversed in non-reader section!!\n[ 5.043111][ T25]\n[ 5.043111][ T25] other info that might help us debug this:\n[ 5.043111][ T25]\n[ 5.043341][ T25]\n[ 5.043341][ T25] rcu_scheduler_active = 2, debug_locks = 1\n[ 5.043502][ T25] 3 locks held by kworker/u9:0/25:\n[ 5.043615][ T25] #0: ffff888008730948 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x7ed/0x1350\n[ 5.043830][ T25] #1: ffffc900001afd40 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0xcf3/0x1350\n[ 5.044084][ T25] #2: ffff888013ee0020 (\u0026head-\u003esrcu){.+.+}-{0:0}, at: nvme_mpath_add_sysfs_link.part.0+0xb4/0x3a0\n[ 5.044300][ T25]\n[ 5.044300][ T25] stack backtrace:\n[ 5.044439][ T25] CPU: 0 UID: 0 PID: 25 Comm: kworker/u9:0 Not tainted 6.16.0-rc3+ #23 PREEMPT(full)\n[ 5.044441][ T25] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n[ 5.044442][ T25] Workqueue: async async_run_entry_fn\n[ 5.044445][ T25] Call Trace:\n[ 5.044446][ T25] \u003cTASK\u003e\n[ 5.044449][ T25] dump_stack_lvl+0x6f/0xb0\n[ 5.044453][ T25] lockdep_rcu_suspicious.cold+0x4f/0xb1\n[ 5.044457][ T25] nvme_mpath_add_sysfs_link.part.0+0x2fb/0x3a0\n[ 5.044459][ T25] ? queue_work_on+0x90/0xf0\n[ 5.044461][ T25] ? lockdep_hardirqs_on+0x78/0x110\n[ 5.044466][ T25] nvme_mpath_set_live+0x1e9/0x4f0\n[ 5.044470][ T25] nvme_mpath_add_disk+0x240/0x2f0\n[ 5.044472][ T25] ? __pfx_nvme_mpath_add_disk+0x10/0x10\n[ 5.044475][ T25] ? add_disk_fwnode+0x361/0x580\n[ 5.044480][ T25] nvme_alloc_ns+0x81c/0x17c0\n[ 5.044483][ T25] ? kasan_quarantine_put+0x104/0x240\n[ 5.044487][ T25] ? __pfx_nvme_alloc_ns+0x10/0x10\n[ 5.044495][ T25] ? __pfx_nvme_find_get_ns+0x10/0x10\n[ 5.044496][ T25] ? rcu_read_lock_any_held+0x45/0xa0\n[ 5.044498][ T25] ? validate_chain+0x232/0x4f0\n[ 5.044503][ T25] nvme_scan_ns+0x4c8/0x810\n[ 5.044506][ T25] ? __pfx_nvme_scan_ns+0x10/0x10\n[ 5.044508][ T25] ? find_held_lock+0x2b/0x80\n[ 5.044512][ T25] ? ktime_get+0x16d/0x220\n[ 5.044517][ T25] ? kvm_clock_get_cycles+0x18/0x30\n[ 5.044520][ T25] ? __pfx_nvme_scan_ns_async+0x10/0x10\n[ 5.044522][ T25] async_run_entry_fn+0x97/0x560\n[ 5.044523][ T25] ? rcu_is_watching+0x12/0xc0\n[ 5.044526][ T25] process_one_work+0xd3c/0x1350\n[ 5.044532][ T25] ? __pfx_process_one_work+0x10/0x10\n[ 5.044536][ T25] ? assign_work+0x16c/0x240\n[ 5.044539][ T25] worker_thread+0x4da/0xd50\n[ 5.044545][ T25] ? __pfx_worker_thread+0x10/0x10\n[ 5.044546][ T25] kthread+0x356/0x5c0\n[ 5.044548][ T25] ? __pfx_kthread+0x10/0x10\n[ 5.044549][ T25] ? ret_from_fork+0x1b/0x2e0\n[ 5.044552][ T25] ? __lock_release.isra.0+0x5d/0x180\n[ 5.044553][ T25] ? ret_from_fork+0x1b/0x2e0\n[ 5.044555][ T25] ? rcu_is_watching+0x12/0xc0\n[ 5.044557][ T25] ? __pfx_kthread+0x10/0x10\n[ 5.04\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38397",
"url": "https://www.suse.com/security/cve/CVE-2025-38397"
},
{
"category": "external",
"summary": "SUSE Bug 1247163 for CVE-2025-38397",
"url": "https://bugzilla.suse.com/1247163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38397"
},
{
"cve": "CVE-2025-38399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38399"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()\n\nThe function core_scsi3_decode_spec_i_port(), in its error code path,\nunconditionally calls core_scsi3_lunacl_undepend_item() passing the\ndest_se_deve pointer, which may be NULL.\n\nThis can lead to a NULL pointer dereference if dest_se_deve remains\nunset.\n\nSPC-3 PR SPEC_I_PT: Unable to locate dest_tpg\nUnable to handle kernel paging request at virtual address dfff800000000012\nCall trace:\n core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P)\n core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod]\n core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod]\n target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod]\n\nFix this by adding a NULL check before calling\ncore_scsi3_lunacl_undepend_item()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38399",
"url": "https://www.suse.com/security/cve/CVE-2025-38399"
},
{
"category": "external",
"summary": "SUSE Bug 1247097 for CVE-2025-38399",
"url": "https://bugzilla.suse.com/1247097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38399"
},
{
"cve": "CVE-2025-38400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38400"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\n\nsyzbot reported a warning below [1] following a fault injection in\nnfs_fs_proc_net_init(). [0]\n\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\n\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\nis logged as the directory is not empty.\n\nLet\u0027s handle the error of nfs_fs_proc_net_init() properly.\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\n should_failslab (mm/failslab.c:46)\n kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\n __proc_create (fs/proc/generic.c:427)\n proc_create_reg (fs/proc/generic.c:554)\n proc_create_net_data (fs/proc/proc_net.c:120)\n nfs_fs_proc_net_init (fs/nfs/client.c:1409)\n nfs_net_init (fs/nfs/inode.c:2600)\n ops_init (net/core/net_namespace.c:138)\n setup_net (net/core/net_namespace.c:443)\n copy_net_ns (net/core/net_namespace.c:576)\n create_new_namespaces (kernel/nsproxy.c:110)\n unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\n ksys_unshare (kernel/fork.c:3123)\n __x64_sys_unshare (kernel/fork.c:3190)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \u003c/TASK\u003e\n\n[1]:\nremove_proc_entry: removing non-empty directory \u0027net/rpc\u0027, leaking at least \u0027nfs\u0027\n WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nModules linked in:\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n RIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nCode: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 40 ba a2 8b 48 c7 c7 60 b9 a2 8b e8 33 81 1d ff 90 \u003c0f\u003e 0b 90 90 e9 5f fe ff ff e8 04 69 5e ff 90 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90003637b08 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff88805f534140 RCX: ffffffff817a92c8\nRDX: ffff88807da99e00 RSI: ffffffff817a92d5 RDI: 0000000000000001\nRBP: ffff888033431ac0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888033431a00\nR13: ffff888033431ae4 R14: ffff888033184724 R15: dffffc0000000000\nFS: 0000555580328500(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f71733743e0 CR3: 000000007f618000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n sunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\n ops_exit_list net/core/net_namespace.c:200 [inline]\n ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\n setup_net+0x2e1/0x510 net/core/net_namespace.c:457\n copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\n create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\n ksys_unshare+0x45b/0xa40 kernel/fork.c:3121\n __do_sys_unshare kernel/fork.c:3192 [inline]\n __se_sys_unshare kernel/fork.c:3190 [inline]\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa1a6b8e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38400",
"url": "https://www.suse.com/security/cve/CVE-2025-38400"
},
{
"category": "external",
"summary": "SUSE Bug 1247123 for CVE-2025-38400",
"url": "https://bugzilla.suse.com/1247123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38400"
},
{
"cve": "CVE-2025-38401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38401"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtk-sd: Prevent memory corruption from DMA map failure\n\nIf msdc_prepare_data() fails to map the DMA region, the request is\nnot prepared for data receiving, but msdc_start_data() proceeds\nthe DMA with previous setting.\nSince this will lead a memory corruption, we have to stop the\nrequest operation soon after the msdc_prepare_data() fails to\nprepare it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38401",
"url": "https://www.suse.com/security/cve/CVE-2025-38401"
},
{
"category": "external",
"summary": "SUSE Bug 1247125 for CVE-2025-38401",
"url": "https://bugzilla.suse.com/1247125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38401"
},
{
"cve": "CVE-2025-38402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: return 0 size for RSS key if not supported\n\nReturning -EOPNOTSUPP from function returning u32 is leading to\ncast and invalid size value as a result.\n\n-EOPNOTSUPP as a size probably will lead to allocation fail.\n\nCommand: ethtool -x eth0\nIt is visible on all devices that don\u0027t have RSS caps set.\n\n[ 136.615917] Call Trace:\n[ 136.615921] \u003cTASK\u003e\n[ 136.615927] ? __warn+0x89/0x130\n[ 136.615942] ? __alloc_frozen_pages_noprof+0x322/0x330\n[ 136.615953] ? report_bug+0x164/0x190\n[ 136.615968] ? handle_bug+0x58/0x90\n[ 136.615979] ? exc_invalid_op+0x17/0x70\n[ 136.615987] ? asm_exc_invalid_op+0x1a/0x20\n[ 136.616001] ? rss_prepare_get.constprop.0+0xb9/0x170\n[ 136.616016] ? __alloc_frozen_pages_noprof+0x322/0x330\n[ 136.616028] __alloc_pages_noprof+0xe/0x20\n[ 136.616038] ___kmalloc_large_node+0x80/0x110\n[ 136.616072] __kmalloc_large_node_noprof+0x1d/0xa0\n[ 136.616081] __kmalloc_noprof+0x32c/0x4c0\n[ 136.616098] ? rss_prepare_get.constprop.0+0xb9/0x170\n[ 136.616105] rss_prepare_get.constprop.0+0xb9/0x170\n[ 136.616114] ethnl_default_doit+0x107/0x3d0\n[ 136.616131] genl_family_rcv_msg_doit+0x100/0x160\n[ 136.616147] genl_rcv_msg+0x1b8/0x2c0\n[ 136.616156] ? __pfx_ethnl_default_doit+0x10/0x10\n[ 136.616168] ? __pfx_genl_rcv_msg+0x10/0x10\n[ 136.616176] netlink_rcv_skb+0x58/0x110\n[ 136.616186] genl_rcv+0x28/0x40\n[ 136.616195] netlink_unicast+0x19b/0x290\n[ 136.616206] netlink_sendmsg+0x222/0x490\n[ 136.616215] __sys_sendto+0x1fd/0x210\n[ 136.616233] __x64_sys_sendto+0x24/0x30\n[ 136.616242] do_syscall_64+0x82/0x160\n[ 136.616252] ? __sys_recvmsg+0x83/0xe0\n[ 136.616265] ? syscall_exit_to_user_mode+0x10/0x210\n[ 136.616275] ? do_syscall_64+0x8e/0x160\n[ 136.616282] ? __count_memcg_events+0xa1/0x130\n[ 136.616295] ? count_memcg_events.constprop.0+0x1a/0x30\n[ 136.616306] ? handle_mm_fault+0xae/0x2d0\n[ 136.616319] ? do_user_addr_fault+0x379/0x670\n[ 136.616328] ? clear_bhb_loop+0x45/0xa0\n[ 136.616340] ? clear_bhb_loop+0x45/0xa0\n[ 136.616349] ? clear_bhb_loop+0x45/0xa0\n[ 136.616359] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 136.616369] RIP: 0033:0x7fd30ba7b047\n[ 136.616376] Code: 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d bd d5 0c 00 00 41 89 ca 74 10 b8 2c 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 71 c3 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44\n[ 136.616381] RSP: 002b:00007ffde1796d68 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\n[ 136.616388] RAX: ffffffffffffffda RBX: 000055d7bd89f2a0 RCX: 00007fd30ba7b047\n[ 136.616392] RDX: 0000000000000028 RSI: 000055d7bd89f3b0 RDI: 0000000000000003\n[ 136.616396] RBP: 00007ffde1796e10 R08: 00007fd30bb4e200 R09: 000000000000000c\n[ 136.616399] R10: 0000000000000000 R11: 0000000000000202 R12: 000055d7bd89f340\n[ 136.616403] R13: 000055d7bd89f3b0 R14: 000055d78943f200 R15: 0000000000000000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38402",
"url": "https://www.suse.com/security/cve/CVE-2025-38402"
},
{
"category": "external",
"summary": "SUSE Bug 1247262 for CVE-2025-38402",
"url": "https://bugzilla.suse.com/1247262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38402"
},
{
"cve": "CVE-2025-38403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/vmci: Clear the vmci transport packet properly when initializing it\n\nIn vmci_transport_packet_init memset the vmci_transport_packet before\npopulating the fields to avoid any uninitialised data being left in the\nstructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38403",
"url": "https://www.suse.com/security/cve/CVE-2025-38403"
},
{
"category": "external",
"summary": "SUSE Bug 1247141 for CVE-2025-38403",
"url": "https://bugzilla.suse.com/1247141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38403"
},
{
"cve": "CVE-2025-38404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38404"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: displayport: Fix potential deadlock\n\nThe deadlock can occur due to a recursive lock acquisition of\n`cros_typec_altmode_data::mutex`.\nThe call chain is as follows:\n1. cros_typec_altmode_work() acquires the mutex\n2. typec_altmode_vdm() -\u003e dp_altmode_vdm() -\u003e\n3. typec_altmode_exit() -\u003e cros_typec_altmode_exit()\n4. cros_typec_altmode_exit() attempts to acquire the mutex again\n\nTo prevent this, defer the `typec_altmode_exit()` call by scheduling\nit rather than calling it directly from within the mutex-protected\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38404",
"url": "https://www.suse.com/security/cve/CVE-2025-38404"
},
{
"category": "external",
"summary": "SUSE Bug 1247271 for CVE-2025-38404",
"url": "https://bugzilla.suse.com/1247271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38404"
},
{
"cve": "CVE-2025-38405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38405"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix memory leak of bio integrity\n\nIf nvmet receives commands with metadata there is a continuous memory\nleak of kmalloc-128 slab or more precisely bio-\u003ebi_integrity.\n\nSince commit bf4c89fc8797 (\"block: don\u0027t call bio_uninit from bio_endio\")\neach user of bio_init has to use bio_uninit as well. Otherwise the bio\nintegrity is not getting free. Nvmet uses bio_init for inline bios.\n\nUninit the inline bio to complete deallocation of integrity in bio.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38405",
"url": "https://www.suse.com/security/cve/CVE-2025-38405"
},
{
"category": "external",
"summary": "SUSE Bug 1247270 for CVE-2025-38405",
"url": "https://bugzilla.suse.com/1247270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38405"
},
{
"cve": "CVE-2025-38406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38406"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: remove WARN on bad firmware input\n\nIf the firmware gives bad input, that\u0027s nothing to do with\nthe driver\u0027s stack at this point etc., so the WARN_ON()\ndoesn\u0027t add any value. Additionally, this is one of the\ntop syzbot reports now. Just print a message, and as an\nadded bonus, print the sizes too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38406",
"url": "https://www.suse.com/security/cve/CVE-2025-38406"
},
{
"category": "external",
"summary": "SUSE Bug 1247210 for CVE-2025-38406",
"url": "https://bugzilla.suse.com/1247210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38406"
},
{
"cve": "CVE-2025-38408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/irq_sim: Initialize work context pointers properly\n\nInitialize `ops` member\u0027s pointers properly by using kzalloc() instead of\nkmalloc() when allocating the simulation work context. Otherwise the\npointers contain random content leading to invalid dereferencing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38408",
"url": "https://www.suse.com/security/cve/CVE-2025-38408"
},
{
"category": "external",
"summary": "SUSE Bug 1247126 for CVE-2025-38408",
"url": "https://bugzilla.suse.com/1247126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38408"
},
{
"cve": "CVE-2025-38409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38409"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn\u0027t free the installed file, if we\u0027ve already done\nfd_install(). So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38409",
"url": "https://www.suse.com/security/cve/CVE-2025-38409"
},
{
"category": "external",
"summary": "SUSE Bug 1247285 for CVE-2025-38409",
"url": "https://bugzilla.suse.com/1247285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38409"
},
{
"cve": "CVE-2025-38410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38410"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix a fence leak in submit error path\n\nIn error paths, we could unref the submit without calling\ndrm_sched_entity_push_job(), so msm_job_free() will never get\ncalled. Since drm_sched_job_cleanup() will NULL out the\ns_fence, we can use that to detect this case.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653584/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38410",
"url": "https://www.suse.com/security/cve/CVE-2025-38410"
},
{
"category": "external",
"summary": "SUSE Bug 1247128 for CVE-2025-38410",
"url": "https://bugzilla.suse.com/1247128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38410"
},
{
"cve": "CVE-2025-38412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\n\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38412",
"url": "https://www.suse.com/security/cve/CVE-2025-38412"
},
{
"category": "external",
"summary": "SUSE Bug 1247132 for CVE-2025-38412",
"url": "https://bugzilla.suse.com/1247132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38412"
},
{
"cve": "CVE-2025-38413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38413"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: xsk: rx: fix the frame\u0027s length check\n\nWhen calling buf_to_xdp, the len argument is the frame data\u0027s length\nwithout virtio header\u0027s length (vi-\u003ehdr_len). We check that len with\n\n\txsk_pool_get_rx_frame_size() + vi-\u003ehdr_len\n\nto ensure the provided len does not larger than the allocated chunk\nsize. The additional vi-\u003ehdr_len is because in virtnet_add_recvbuf_xsk,\nwe use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost\nto start placing data from\n\n\thard_start + XDP_PACKET_HEADROOM - vi-\u003ehdr_len\nnot\n\thard_start + XDP_PACKET_HEADROOM\n\nBut the first buffer has virtio_header, so the maximum frame\u0027s length in\nthe first buffer can only be\n\n\txsk_pool_get_rx_frame_size()\nnot\n\txsk_pool_get_rx_frame_size() + vi-\u003ehdr_len\n\nlike in the current check.\n\nThis commit adds an additional argument to buf_to_xdp differentiate\nbetween the first buffer and other ones to correctly calculate the maximum\nframe\u0027s length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38413",
"url": "https://www.suse.com/security/cve/CVE-2025-38413"
},
{
"category": "external",
"summary": "SUSE Bug 1247131 for CVE-2025-38413",
"url": "https://bugzilla.suse.com/1247131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38413"
},
{
"cve": "CVE-2025-38414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850\n\nGCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash\non some specific platforms.\n\nSince this register is divergent for WCN7850 and QCN9274, move it to\nregister table to allow different definitions. Then correct the register\naddress for WCN7850 to fix this issue.\n\nNote IPQ5332 is not affected as it is not PCIe based device.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38414",
"url": "https://www.suse.com/security/cve/CVE-2025-38414"
},
{
"category": "external",
"summary": "SUSE Bug 1247145 for CVE-2025-38414",
"url": "https://bugzilla.suse.com/1247145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38414"
},
{
"cve": "CVE-2025-38415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk-\u003edevblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk-\u003edevblksize_log2 = ffz(~msblk-\u003edevblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk-\u003edevblksize is set to 0.\n\nAs a result, ffz(~msblk-\u003edevblksize) returns 64, and msblk-\u003edevblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka\n\u0027unsigned long long\u0027)\n\nThis commit adds a check for a 0 return by sb_min_blocksize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38415",
"url": "https://www.suse.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "SUSE Bug 1247147 for CVE-2025-38415",
"url": "https://bugzilla.suse.com/1247147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38415"
},
{
"cve": "CVE-2025-38416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38416"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty-\u003edisc_data only in success path\n\nSetting tty-\u003edisc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty-\u003edisc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty-\u003edisc_data won\u0027t be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty-\u003edisc_data=NULL\" in nci_uart_tty_open().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38416",
"url": "https://www.suse.com/security/cve/CVE-2025-38416"
},
{
"category": "external",
"summary": "SUSE Bug 1247151 for CVE-2025-38416",
"url": "https://bugzilla.suse.com/1247151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38416"
},
{
"cve": "CVE-2025-38417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38417"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix eswitch code memory leak in reset scenario\n\nAdd simple eswitch mode checker in attaching VF procedure and allocate\nrequired port representor memory structures only in switchdev mode.\nThe reset flows triggers VF (if present) detach/attach procedure.\nIt might involve VF port representor(s) re-creation if the device is\nconfigured is switchdev mode (not legacy one).\nThe memory was blindly allocated in current implementation,\nregardless of the mode and not freed if in legacy mode.\n\nKmemeleak trace:\nunreferenced object (percpu) 0x7e3bce5b888458 (size 40):\n comm \"bash\", pid 1784, jiffies 4295743894\n hex dump (first 32 bytes on cpu 45):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n pcpu_alloc_noprof+0x4c4/0x7c0\n ice_repr_create+0x66/0x130 [ice]\n ice_repr_create_vf+0x22/0x70 [ice]\n ice_eswitch_attach_vf+0x1b/0xa0 [ice]\n ice_reset_all_vfs+0x1dd/0x2f0 [ice]\n ice_pci_err_resume+0x3b/0xb0 [ice]\n pci_reset_function+0x8f/0x120\n reset_store+0x56/0xa0\n kernfs_fop_write_iter+0x120/0x1b0\n vfs_write+0x31c/0x430\n ksys_write+0x61/0xd0\n do_syscall_64+0x5b/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTesting hints (ethX is PF netdev):\n- create at least one VF\n echo 1 \u003e /sys/class/net/ethX/device/sriov_numvfs\n- trigger the reset\n echo 1 \u003e /sys/class/net/ethX/device/reset",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38417",
"url": "https://www.suse.com/security/cve/CVE-2025-38417"
},
{
"category": "external",
"summary": "SUSE Bug 1247282 for CVE-2025-38417",
"url": "https://bugzilla.suse.com/1247282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38417"
},
{
"cve": "CVE-2025-38418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38418"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Release rproc-\u003eclean_table after rproc_attach() fails\n\nWhen rproc-\u003estate = RPROC_DETACHED is attached to remote processor\nthrough rproc_attach(), if rproc_handle_resources() returns failure,\nthen the clean table should be released, otherwise the following\nmemory leak will occur.\n\nunreferenced object 0xffff000086a99800 (size 1024):\ncomm \"kworker/u12:3\", pid 59, jiffies 4294893670 (age 121.140s)\nhex dump (first 32 bytes):\n00 00 00 00 00 80 00 00 00 00 00 00 00 00 10 00 ............\n00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ............\nbacktrace:\n [\u003c000000008bbe4ca8\u003e] slab_post_alloc_hook+0x98/0x3fc\n [\u003c000000003b8a272b\u003e] __kmem_cache_alloc_node+0x13c/0x230\n [\u003c000000007a507c51\u003e] __kmalloc_node_track_caller+0x5c/0x260\n [\u003c0000000037818dae\u003e] kmemdup+0x34/0x60\n [\u003c00000000610f7f57\u003e] rproc_boot+0x35c/0x56c\n [\u003c0000000065f8871a\u003e] rproc_add+0x124/0x17c\n [\u003c00000000497416ee\u003e] imx_rproc_probe+0x4ec/0x5d4\n [\u003c000000003bcaa37d\u003e] platform_probe+0x68/0xd8\n [\u003c00000000771577f9\u003e] really_probe+0x110/0x27c\n [\u003c00000000531fea59\u003e] __driver_probe_device+0x78/0x12c\n [\u003c0000000080036a04\u003e] driver_probe_device+0x3c/0x118\n [\u003c000000007e0bddcb\u003e] __device_attach_driver+0xb8/0xf8\n [\u003c000000000cf1fa33\u003e] bus_for_each_drv+0x84/0xe4\n [\u003c000000001a53b53e\u003e] __device_attach+0xfc/0x18c\n [\u003c00000000d1a2a32c\u003e] device_initial_probe+0x14/0x20\n [\u003c00000000d8f8b7ae\u003e] bus_probe_device+0xb0/0xb4\n unreferenced object 0xffff0000864c9690 (size 16):",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38418",
"url": "https://www.suse.com/security/cve/CVE-2025-38418"
},
{
"category": "external",
"summary": "SUSE Bug 1247137 for CVE-2025-38418",
"url": "https://bugzilla.suse.com/1247137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38418"
},
{
"cve": "CVE-2025-38419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38419"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()\n\nWhen rproc-\u003estate = RPROC_DETACHED and rproc_attach() is used\nto attach to the remote processor, if rproc_handle_resources()\nreturns a failure, the resources allocated by imx_rproc_prepare()\nshould be released, otherwise the following memory leak will occur.\n\nSince almost the same thing is done in imx_rproc_prepare() and\nrproc_resource_cleanup(), Function rproc_resource_cleanup() is able\nto deal with empty lists so it is better to fix the \"goto\" statements\nin rproc_attach(). replace the \"unprepare_device\" goto statement with\n\"clean_up_resources\" and get rid of the \"unprepare_device\" label.\n\nunreferenced object 0xffff0000861c5d00 (size 128):\ncomm \"kworker/u12:3\", pid 59, jiffies 4294893509 (age 149.220s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 02 88 00 00 00 00 00 00 10 00 00 00 00 00 ............\nbacktrace:\n [\u003c00000000f949fe18\u003e] slab_post_alloc_hook+0x98/0x37c\n [\u003c00000000adbfb3e7\u003e] __kmem_cache_alloc_node+0x138/0x2e0\n [\u003c00000000521c0345\u003e] kmalloc_trace+0x40/0x158\n [\u003c000000004e330a49\u003e] rproc_mem_entry_init+0x60/0xf8\n [\u003c000000002815755e\u003e] imx_rproc_prepare+0xe0/0x180\n [\u003c0000000003f61b4e\u003e] rproc_boot+0x2ec/0x528\n [\u003c00000000e7e994ac\u003e] rproc_add+0x124/0x17c\n [\u003c0000000048594076\u003e] imx_rproc_probe+0x4ec/0x5d4\n [\u003c00000000efc298a1\u003e] platform_probe+0x68/0xd8\n [\u003c00000000110be6fe\u003e] really_probe+0x110/0x27c\n [\u003c00000000e245c0ae\u003e] __driver_probe_device+0x78/0x12c\n [\u003c00000000f61f6f5e\u003e] driver_probe_device+0x3c/0x118\n [\u003c00000000a7874938\u003e] __device_attach_driver+0xb8/0xf8\n [\u003c0000000065319e69\u003e] bus_for_each_drv+0x84/0xe4\n [\u003c00000000db3eb243\u003e] __device_attach+0xfc/0x18c\n [\u003c0000000072e4e1a4\u003e] device_initial_probe+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38419",
"url": "https://www.suse.com/security/cve/CVE-2025-38419"
},
{
"category": "external",
"summary": "SUSE Bug 1247136 for CVE-2025-38419",
"url": "https://bugzilla.suse.com/1247136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38419"
},
{
"cve": "CVE-2025-38420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38420"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: do not ping device which has failed to load firmware\n\nSyzkaller reports [1, 2] crashes caused by an attempts to ping\nthe device which has failed to load firmware. Since such a device\ndoesn\u0027t pass \u0027ieee80211_register_hw()\u0027, an internal workqueue\nmanaged by \u0027ieee80211_queue_work()\u0027 is not yet created and an\nattempt to queue work on it causes null-ptr-deref.\n\n[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff\n[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38420",
"url": "https://www.suse.com/security/cve/CVE-2025-38420"
},
{
"category": "external",
"summary": "SUSE Bug 1247279 for CVE-2025-38420",
"url": "https://bugzilla.suse.com/1247279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38420"
},
{
"cve": "CVE-2025-38421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38421"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd: pmf: Use device managed allocations\n\nIf setting up smart PC fails for any reason then this can lead to\na double free when unloading amd-pmf. This is because dev-\u003ebuf was\nfreed but never set to NULL and is again freed in amd_pmf_remove().\n\nTo avoid subtle allocation bugs in failures leading to a double free\nchange all allocations into device managed allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38421",
"url": "https://www.suse.com/security/cve/CVE-2025-38421"
},
{
"category": "external",
"summary": "SUSE Bug 1247130 for CVE-2025-38421",
"url": "https://bugzilla.suse.com/1247130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38421"
},
{
"cve": "CVE-2025-38424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38424"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix sample vs do_exit()\n\nBaisheng Gao reported an ARM64 crash, which Mark decoded as being a\nsynchronous external abort -- most likely due to trying to access\nMMIO in bad ways.\n\nThe crash further shows perf trying to do a user stack sample while in\nexit_mmap()\u0027s tlb_finish_mmu() -- i.e. while tearing down the address\nspace it is trying to access.\n\nIt turns out that we stop perf after we tear down the userspace mm; a\nreceipie for disaster, since perf likes to access userspace for\nvarious reasons.\n\nFlip this order by moving up where we stop perf in do_exit().\n\nAdditionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER\nto abort when the current task does not have an mm (exit_mm() makes\nsure to set current-\u003emm = NULL; before commencing with the actual\nteardown). Such that CPU wide events don\u0027t trip on this same problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38424",
"url": "https://www.suse.com/security/cve/CVE-2025-38424"
},
{
"category": "external",
"summary": "SUSE Bug 1247293 for CVE-2025-38424",
"url": "https://bugzilla.suse.com/1247293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38424"
},
{
"cve": "CVE-2025-38425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: check msg length in SMBUS block read\n\nFor SMBUS block read, do not continue to read if the message length\npassed from the device is \u00270\u0027 or greater than the maximum allowed bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38425",
"url": "https://www.suse.com/security/cve/CVE-2025-38425"
},
{
"category": "external",
"summary": "SUSE Bug 1247251 for CVE-2025-38425",
"url": "https://bugzilla.suse.com/1247251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38425"
},
{
"cve": "CVE-2025-38426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38426"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38426",
"url": "https://www.suse.com/security/cve/CVE-2025-38426"
},
{
"category": "external",
"summary": "SUSE Bug 1247252 for CVE-2025-38426",
"url": "https://bugzilla.suse.com/1247252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38426"
},
{
"cve": "CVE-2025-38427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38427"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: screen_info: Relocate framebuffers behind PCI bridges\n\nApply PCI host-bridge window offsets to screen_info framebuffers. Fixes\ninvalid access to I/O memory.\n\nResources behind a PCI host bridge can be relocated by a certain offset\nin the kernel\u0027s CPU address range used for I/O. The framebuffer memory\nrange stored in screen_info refers to the CPU addresses as seen during\nboot (where the offset is 0). During boot up, firmware may assign a\ndifferent memory offset to the PCI host bridge and thereby relocating\nthe framebuffer address of the PCI graphics device as seen by the kernel.\nThe information in screen_info must be updated as well.\n\nThe helper pcibios_bus_to_resource() performs the relocation of the\nscreen_info\u0027s framebuffer resource (given in PCI bus addresses). The\nresult matches the I/O-memory resource of the PCI graphics device (given\nin CPU addresses). As before, we store away the information necessary to\nlater update the information in screen_info itself.\n\nCommit 78aa89d1dfba (\"firmware/sysfb: Update screen_info for relocated\nEFI framebuffers\") added the code for updating screen_info. It is based\non similar functionality that pre-existed in efifb. Efifb uses a pointer\nto the PCI resource, while the newer code does a memcpy of the region.\nHence efifb sees any updates to the PCI resource and avoids the issue.\n\nv3:\n- Only use struct pci_bus_region for PCI bus addresses (Bjorn)\n- Clarify address semantics in commit messages and comments (Bjorn)\nv2:\n- Fixed tags (Takashi, Ivan)\n- Updated information on efifb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38427",
"url": "https://www.suse.com/security/cve/CVE-2025-38427"
},
{
"category": "external",
"summary": "SUSE Bug 1247152 for CVE-2025-38427",
"url": "https://bugzilla.suse.com/1247152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38427"
},
{
"cve": "CVE-2025-38428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38428"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: ims-pcu - check record size in ims_pcu_flash_firmware()\n\nThe \"len\" variable comes from the firmware and we generally do\ntrust firmware, but it\u0027s always better to double check. If the \"len\"\nis too large it could result in memory corruption when we do\n\"memcpy(fragment-\u003edata, rec-\u003edata, len);\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38428",
"url": "https://www.suse.com/security/cve/CVE-2025-38428"
},
{
"category": "external",
"summary": "SUSE Bug 1247150 for CVE-2025-38428",
"url": "https://bugzilla.suse.com/1247150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38428"
},
{
"cve": "CVE-2025-38429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38429"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: ep: Update read pointer only after buffer is written\n\nInside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated\nbefore the buffer is written, potentially causing race conditions where\nthe host sees an updated read pointer before the buffer is actually\nwritten. Updating rd_offset prematurely can lead to the host accessing\nan uninitialized or incomplete element, resulting in data corruption.\n\nInvoke the buffer write before updating rd_offset to ensure the element\nis fully written before signaling its availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38429",
"url": "https://www.suse.com/security/cve/CVE-2025-38429"
},
{
"category": "external",
"summary": "SUSE Bug 1247253 for CVE-2025-38429",
"url": "https://bugzilla.suse.com/1247253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38429"
},
{
"cve": "CVE-2025-38430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38430"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\n\nIf the request being processed is not a v4 compound request, then\nexamining the cstate can have undefined results.\n\nThis patch adds a check that the rpc procedure being executed\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38430",
"url": "https://www.suse.com/security/cve/CVE-2025-38430"
},
{
"category": "external",
"summary": "SUSE Bug 1247160 for CVE-2025-38430",
"url": "https://bugzilla.suse.com/1247160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38430"
},
{
"cve": "CVE-2025-38436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38436"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A\u0027s job depends on a\nscheduled fence from application B\u0027s job, and that fence is not properly\nsignaled during the killing process, application A\u0027s dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38436",
"url": "https://www.suse.com/security/cve/CVE-2025-38436"
},
{
"category": "external",
"summary": "SUSE Bug 1247227 for CVE-2025-38436",
"url": "https://bugzilla.suse.com/1247227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38436"
},
{
"cve": "CVE-2025-38438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38438"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.\n\nsof_pdata-\u003etplg_filename can have address allocated by kstrdup()\nand can be overwritten. Memory leak was detected with kmemleak:\n\nunreferenced object 0xffff88812391ff60 (size 16):\n comm \"kworker/4:1\", pid 161, jiffies 4294802931\n hex dump (first 16 bytes):\n 73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00 sof-hda-generic.\n backtrace (crc 4bf1675c):\n __kmalloc_node_track_caller_noprof+0x49c/0x6b0\n kstrdup+0x46/0xc0\n hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic]\n sof_init_environment+0x16f/0xb50 [snd_sof]\n sof_probe_continue+0x45/0x7c0 [snd_sof]\n sof_probe_work+0x1e/0x40 [snd_sof]\n process_one_work+0x894/0x14b0\n worker_thread+0x5e5/0xfb0\n kthread+0x39d/0x760\n ret_from_fork+0x31/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38438",
"url": "https://www.suse.com/security/cve/CVE-2025-38438"
},
{
"category": "external",
"summary": "SUSE Bug 1247157 for CVE-2025-38438",
"url": "https://bugzilla.suse.com/1247157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38438"
},
{
"cve": "CVE-2025-38439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38439"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Set DMA unmap len correctly for XDP_REDIRECT\n\nWhen transmitting an XDP_REDIRECT packet, call dma_unmap_len_set()\nwith the proper length instead of 0. This bug triggers this warning\non a system with IOMMU enabled:\n\nWARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170\nRIP: 0010:__iommu_dma_unmap+0x159/0x170\nCode: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c 89 45\nb8 4c 89 45 c0 e9 77 ff ff ff \u003c0f\u003e 0b e9 60 ff ff ff e8 8b bf 6a 00 66 66 2e 0f 1f 84 00 00 00 00\nRSP: 0018:ff22d31181150c88 EFLAGS: 00010206\nRAX: 0000000000002000 RBX: 00000000e13a0000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ff22d31181150cf0 R08: ff22d31181150ca8 R09: 0000000000000000\nR10: 0000000000000000 R11: ff22d311d36c9d80 R12: 0000000000001000\nR13: ff13544d10645010 R14: ff22d31181150c90 R15: ff13544d0b2bac00\nFS: 0000000000000000(0000) GS:ff13550908a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005be909dacff8 CR3: 0008000173408003 CR4: 0000000000f71ef0\nPKRU: 55555554\nCall Trace:\n\u003cIRQ\u003e\n? show_regs+0x6d/0x80\n? __warn+0x89/0x160\n? __iommu_dma_unmap+0x159/0x170\n? report_bug+0x17e/0x1b0\n? handle_bug+0x46/0x90\n? exc_invalid_op+0x18/0x80\n? asm_exc_invalid_op+0x1b/0x20\n? __iommu_dma_unmap+0x159/0x170\n? __iommu_dma_unmap+0xb3/0x170\niommu_dma_unmap_page+0x4f/0x100\ndma_unmap_page_attrs+0x52/0x220\n? srso_alias_return_thunk+0x5/0xfbef5\n? xdp_return_frame+0x2e/0xd0\nbnxt_tx_int_xdp+0xdf/0x440 [bnxt_en]\n__bnxt_poll_work_done+0x81/0x1e0 [bnxt_en]\nbnxt_poll+0xd3/0x1e0 [bnxt_en]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38439",
"url": "https://www.suse.com/security/cve/CVE-2025-38439"
},
{
"category": "external",
"summary": "SUSE Bug 1247155 for CVE-2025-38439",
"url": "https://bugzilla.suse.com/1247155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38439"
},
{
"cve": "CVE-2025-38440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38440"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix race between DIM disable and net_dim()\n\nThere\u0027s a race between disabling DIM and NAPI callbacks using the dim\npointer on the RQ or SQ.\n\nIf NAPI checks the DIM state bit and sees it still set, it assumes\n`rq-\u003edim` or `sq-\u003edim` is valid. But if DIM gets disabled right after\nthat check, the pointer might already be set to NULL, leading to a NULL\npointer dereference in net_dim().\n\nFix this by calling `synchronize_net()` before freeing the DIM context.\nThis ensures all in-progress NAPI callbacks are finished before the\npointer is cleared.\n\nKernel log:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nRIP: 0010:net_dim+0x23/0x190\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x150/0x3e0\n ? common_interrupt+0xf/0xa0\n ? sysvec_call_function_single+0xb/0x90\n ? exc_page_fault+0x74/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? net_dim+0x23/0x190\n ? mlx5e_poll_ico_cq+0x41/0x6f0 [mlx5_core]\n ? sysvec_apic_timer_interrupt+0xb/0x90\n mlx5e_handle_rx_dim+0x92/0xd0 [mlx5_core]\n mlx5e_napi_poll+0x2cd/0xac0 [mlx5_core]\n ? mlx5e_poll_ico_cq+0xe5/0x6f0 [mlx5_core]\n busy_poll_stop+0xa2/0x200\n ? mlx5e_napi_poll+0x1d9/0xac0 [mlx5_core]\n ? mlx5e_trigger_irq+0x130/0x130 [mlx5_core]\n __napi_busy_loop+0x345/0x3b0\n ? sysvec_call_function_single+0xb/0x90\n ? asm_sysvec_call_function_single+0x16/0x20\n ? sysvec_apic_timer_interrupt+0xb/0x90\n ? pcpu_free_area+0x1e4/0x2e0\n napi_busy_loop+0x11/0x20\n xsk_recvmsg+0x10c/0x130\n sock_recvmsg+0x44/0x70\n __sys_recvfrom+0xbc/0x130\n ? __schedule+0x398/0x890\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n...\n---[ end trace 0000000000000000 ]---\n...\n---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38440",
"url": "https://www.suse.com/security/cve/CVE-2025-38440"
},
{
"category": "external",
"summary": "SUSE Bug 1247290 for CVE-2025-38440",
"url": "https://bugzilla.suse.com/1247290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38440"
},
{
"cve": "CVE-2025-38441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38441"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()\n\nsyzbot found a potential access to uninit-value in nf_flow_pppoe_proto()\n\nBlamed commit forgot the Ethernet header.\n\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]\n nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5742 [inline]\n __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837\n __netif_receive_skb_one_core net/core/dev.c:5975 [inline]\n __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090\n netif_receive_skb_internal net/core/dev.c:6176 [inline]\n netif_receive_skb+0x57/0x630 net/core/dev.c:6235\n tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485\n tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938\n tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0xb4b/0x1580 fs/read_write.c:686\n ksys_write fs/read_write.c:738 [inline]\n __do_sys_write fs/read_write.c:749 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38441",
"url": "https://www.suse.com/security/cve/CVE-2025-38441"
},
{
"category": "external",
"summary": "SUSE Bug 1247167 for CVE-2025-38441",
"url": "https://bugzilla.suse.com/1247167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38441"
},
{
"cve": "CVE-2025-38443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38443"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_genl_connect() error path\n\nThere is a use-after-free issue in nbd:\n\nblock nbd6: Receive control failed (result -104)\nblock nbd6: shutting down sockets\n==================================================================\nBUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022\nWrite of size 4 at addr ffff8880295de478 by task kworker/u33:0/67\n\nCPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: nbd6-recv recv_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline]\n recv_work+0x694/0xa80 drivers/block/nbd.c:1022\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nnbd_genl_connect() does not properly stop the device on certain\nerror paths after nbd_start_device() has been called. This causes\nthe error path to put nbd-\u003econfig while recv_work continue to use\nthe config after putting it, leading to use-after-free in recv_work.\n\nThis patch moves nbd_start_device() after the backend file creation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38443",
"url": "https://www.suse.com/security/cve/CVE-2025-38443"
},
{
"category": "external",
"summary": "SUSE Bug 1247164 for CVE-2025-38443",
"url": "https://bugzilla.suse.com/1247164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38443"
},
{
"cve": "CVE-2025-38444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38444"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nraid10: cleanup memleak at raid10_make_request\n\nIf raid10_read_request or raid10_write_request registers a new\nrequest and the REQ_NOWAIT flag is set, the code does not\nfree the malloc from the mempool.\n\nunreferenced object 0xffff8884802c3200 (size 192):\n comm \"fio\", pid 9197, jiffies 4298078271\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00 .........A......\n 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc c1a049a2):\n __kmalloc+0x2bb/0x450\n mempool_alloc+0x11b/0x320\n raid10_make_request+0x19e/0x650 [raid10]\n md_handle_request+0x3b3/0x9e0\n __submit_bio+0x394/0x560\n __submit_bio_noacct+0x145/0x530\n submit_bio_noacct_nocheck+0x682/0x830\n __blkdev_direct_IO_async+0x4dc/0x6b0\n blkdev_read_iter+0x1e5/0x3b0\n __io_read+0x230/0x1110\n io_read+0x13/0x30\n io_issue_sqe+0x134/0x1180\n io_submit_sqes+0x48c/0xe90\n __do_sys_io_uring_enter+0x574/0x8b0\n do_syscall_64+0x5c/0xe0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nV4: changing backing tree to see if CKI tests will pass.\nThe patch code has not changed between any versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38444",
"url": "https://www.suse.com/security/cve/CVE-2025-38444"
},
{
"category": "external",
"summary": "SUSE Bug 1247162 for CVE-2025-38444",
"url": "https://bugzilla.suse.com/1247162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38444"
},
{
"cve": "CVE-2025-38445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38445"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: Fix stack memory use after return in raid1_reshape\n\nIn the raid1_reshape function, newpool is\nallocated on the stack and assigned to conf-\u003er1bio_pool.\nThis results in conf-\u003er1bio_pool.wait.head pointing\nto a stack address.\nAccessing this address later can lead to a kernel panic.\n\nExample access path:\n\nraid1_reshape()\n{\n\t// newpool is on the stack\n\tmempool_t newpool, oldpool;\n\t// initialize newpool.wait.head to stack address\n\tmempool_init(\u0026newpool, ...);\n\tconf-\u003er1bio_pool = newpool;\n}\n\nraid1_read_request() or raid1_write_request()\n{\n\talloc_r1bio()\n\t{\n\t\tmempool_alloc()\n\t\t{\n\t\t\t// if pool-\u003ealloc fails\n\t\t\tremove_element()\n\t\t\t{\n\t\t\t\t--pool-\u003ecurr_nr;\n\t\t\t}\n\t\t}\n\t}\n}\n\nmempool_free()\n{\n\tif (pool-\u003ecurr_nr \u003c pool-\u003emin_nr) {\n\t\t// pool-\u003ewait.head is a stack address\n\t\t// wake_up() will try to access this invalid address\n\t\t// which leads to a kernel panic\n\t\treturn;\n\t\twake_up(\u0026pool-\u003ewait);\n\t}\n}\n\nFix:\nreinit conf-\u003er1bio_pool.wait after assigning newpool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38445",
"url": "https://www.suse.com/security/cve/CVE-2025-38445"
},
{
"category": "external",
"summary": "SUSE Bug 1247229 for CVE-2025-38445",
"url": "https://bugzilla.suse.com/1247229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38445"
},
{
"cve": "CVE-2025-38446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38446"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data\n\nWhen num_parents is 4, __clk_register() occurs an out-of-bounds\nwhen accessing parent_names member. Use ARRAY_SIZE() instead of\nhardcode number here.\n\n BUG: KASAN: global-out-of-bounds in __clk_register+0x1844/0x20d8\n Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59\n Hardware name: NXP i.MX95 19X19 board (DT)\n Workqueue: events_unbound deferred_probe_work_func\n Call trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x8c/0xcc\n print_report+0x398/0x5fc\n kasan_report+0xd4/0x114\n __asan_report_load8_noabort+0x20/0x2c\n __clk_register+0x1844/0x20d8\n clk_hw_register+0x44/0x110\n __clk_hw_register_mux+0x284/0x3a8\n imx95_bc_probe+0x4f4/0xa70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38446",
"url": "https://www.suse.com/security/cve/CVE-2025-38446"
},
{
"category": "external",
"summary": "SUSE Bug 1247231 for CVE-2025-38446",
"url": "https://bugzilla.suse.com/1247231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38446"
},
{
"cve": "CVE-2025-38448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38448"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix race condition in TTY wakeup\n\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\n\nUse the null-safe TTY Port helper function to wake up TTY.\n\nExample\n CPU1:\t\t\t CPU2:\n gserial_connect() // lock\n \t\t\t gs_close() // await lock\n gs_start_rx() // unlock\n usb_ep_queue()\n \t\t\t gs_close() // lock, reset port.tty and unlock\n gs_start_rx() // lock\n tty_wakeup() // NPE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38448",
"url": "https://www.suse.com/security/cve/CVE-2025-38448"
},
{
"category": "external",
"summary": "SUSE Bug 1247233 for CVE-2025-38448",
"url": "https://bugzilla.suse.com/1247233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38448"
},
{
"cve": "CVE-2025-38449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38449"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \u003cTASK\u003e\n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer\u0027s GEM buffer objects prevents\nthis from happening. The framebuffer\u0027s cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38449",
"url": "https://www.suse.com/security/cve/CVE-2025-38449"
},
{
"category": "external",
"summary": "SUSE Bug 1247255 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "external",
"summary": "SUSE Bug 1247258 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38449"
},
{
"cve": "CVE-2025-38450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38450"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload()\n\nAdd a NULL check for msta-\u003evif before accessing its members to prevent\na kernel panic in AP mode deployment. This also fix the issue reported\nin [1].\n\nThe crash occurs when this function is triggered before the station is\nfully initialized. The call trace shows a page fault at\nmt7925_sta_set_decap_offload() due to accessing resources when msta-\u003evif\nis NULL.\n\nFix this by adding an early return if msta-\u003evif is NULL and also check\nwcid.sta is ready. This ensures we only proceed with decap offload\nconfiguration when the station\u0027s state is properly initialized.\n\n[14739.655703] Unable to handle kernel paging request at virtual address ffffffffffffffa0\n[14739.811820] CPU: 0 UID: 0 PID: 895854 Comm: hostapd Tainted: G\n[14739.821394] Tainted: [C]=CRAP, [O]=OOT_MODULE\n[14739.825746] Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n[14739.831577] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[14739.838538] pc : mt7925_sta_set_decap_offload+0xc0/0x1b8 [mt7925_common]\n[14739.845271] lr : mt7925_sta_set_decap_offload+0x58/0x1b8 [mt7925_common]\n[14739.851985] sp : ffffffc085efb500\n[14739.855295] x29: ffffffc085efb500 x28: 0000000000000000 x27: ffffff807803a158\n[14739.862436] x26: ffffff8041ececb8 x25: 0000000000000001 x24: 0000000000000001\n[14739.869577] x23: 0000000000000001 x22: 0000000000000008 x21: ffffff8041ecea88\n[14739.876715] x20: ffffff8041c19ca0 x19: ffffff8078031fe0 x18: 0000000000000000\n[14739.883853] x17: 0000000000000000 x16: ffffffe2aeac1110 x15: 000000559da48080\n[14739.890991] x14: 0000000000000001 x13: 0000000000000000 x12: 0000000000000000\n[14739.898130] x11: 0a10020001008e88 x10: 0000000000001a50 x9 : ffffffe26457bfa0\n[14739.905269] x8 : ffffff8042013bb0 x7 : ffffff807fb6cbf8 x6 : dead000000000100\n[14739.912407] x5 : dead000000000122 x4 : ffffff80780326c8 x3 : 0000000000000000\n[14739.919546] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff8041ececb8\n[14739.926686] Call trace:\n[14739.929130] mt7925_sta_set_decap_offload+0xc0/0x1b8 [mt7925_common]\n[14739.935505] ieee80211_check_fast_rx+0x19c/0x510 [mac80211]\n[14739.941344] _sta_info_move_state+0xe4/0x510 [mac80211]\n[14739.946860] sta_info_move_state+0x1c/0x30 [mac80211]\n[14739.952116] sta_apply_auth_flags.constprop.0+0x90/0x1b0 [mac80211]\n[14739.958708] sta_apply_parameters+0x234/0x5e0 [mac80211]\n[14739.964332] ieee80211_add_station+0xdc/0x190 [mac80211]\n[14739.969950] nl80211_new_station+0x46c/0x670 [cfg80211]\n[14739.975516] genl_family_rcv_msg_doit+0xdc/0x150\n[14739.980158] genl_rcv_msg+0x218/0x298\n[14739.983830] netlink_rcv_skb+0x64/0x138\n[14739.987670] genl_rcv+0x40/0x60\n[14739.990816] netlink_unicast+0x314/0x380\n[14739.994742] netlink_sendmsg+0x198/0x3f0\n[14739.998664] __sock_sendmsg+0x64/0xc0\n[14740.002324] ____sys_sendmsg+0x260/0x298\n[14740.006242] ___sys_sendmsg+0xb4/0x110",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38450",
"url": "https://www.suse.com/security/cve/CVE-2025-38450"
},
{
"category": "external",
"summary": "SUSE Bug 1247376 for CVE-2025-38450",
"url": "https://bugzilla.suse.com/1247376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38450"
},
{
"cve": "CVE-2025-38451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38451"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: fix GPF in bitmap_get_stats()\n\nThe commit message of commit 6ec1f0239485 (\"md/md-bitmap: fix stats\ncollection for external bitmaps\") states:\n\n Remove the external bitmap check as the statistics should be\n available regardless of bitmap storage location.\n\n Return -EINVAL only for invalid bitmap with no storage (neither in\n superblock nor in external file).\n\nBut, the code does not adhere to the above, as it does only check for\na valid super-block for \"internal\" bitmaps. Hence, we observe:\n\nOops: GPF, probably for non-canonical address 0x1cd66f1f40000028\nRIP: 0010:bitmap_get_stats+0x45/0xd0\nCall Trace:\n\n seq_read_iter+0x2b9/0x46a\n seq_read+0x12f/0x180\n proc_reg_read+0x57/0xb0\n vfs_read+0xf6/0x380\n ksys_read+0x6d/0xf0\n do_syscall_64+0x8c/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nWe fix this by checking the existence of a super-block for both the\ninternal and external case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38451",
"url": "https://www.suse.com/security/cve/CVE-2025-38451"
},
{
"category": "external",
"summary": "SUSE Bug 1247102 for CVE-2025-38451",
"url": "https://bugzilla.suse.com/1247102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38451"
},
{
"cve": "CVE-2025-38453",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38453"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU\n\nsyzbot reports that defer/local task_work adding via msg_ring can hit\na request that has been freed:\n\nCPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n io_req_local_work_add io_uring/io_uring.c:1184 [inline]\n __io_req_task_work_add+0x589/0x950 io_uring/io_uring.c:1252\n io_msg_remote_post io_uring/msg_ring.c:103 [inline]\n io_msg_data_remote io_uring/msg_ring.c:133 [inline]\n __io_msg_ring_data+0x820/0xaa0 io_uring/msg_ring.c:151\n io_msg_ring_data io_uring/msg_ring.c:173 [inline]\n io_msg_ring+0x134/0xa00 io_uring/msg_ring.c:314\n __io_issue_sqe+0x17e/0x4b0 io_uring/io_uring.c:1739\n io_issue_sqe+0x165/0xfd0 io_uring/io_uring.c:1762\n io_wq_submit_work+0x6e9/0xb90 io_uring/io_uring.c:1874\n io_worker_handle_work+0x7cd/0x1180 io_uring/io-wq.c:642\n io_wq_worker+0x42f/0xeb0 io_uring/io-wq.c:696\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nwhich is supposed to be safe with how requests are allocated. But msg\nring requests alloc and free on their own, and hence must defer freeing\nto a sane time.\n\nAdd an rcu_head and use kfree_rcu() in both spots where requests are\nfreed. Only the one in io_msg_tw_complete() is strictly required as it\nhas been visible on the other ring, but use it consistently in the other\nspot as well.\n\nThis should not cause any other issues outside of KASAN rightfully\ncomplaining about it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38453",
"url": "https://www.suse.com/security/cve/CVE-2025-38453"
},
{
"category": "external",
"summary": "SUSE Bug 1247234 for CVE-2025-38453",
"url": "https://bugzilla.suse.com/1247234"
},
{
"category": "external",
"summary": "SUSE Bug 1247737 for CVE-2025-38453",
"url": "https://bugzilla.suse.com/1247737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38453"
},
{
"cve": "CVE-2025-38454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38454"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp()\n\nUse pr_warn() instead of dev_warn() when \u0027pdev\u0027 is NULL to avoid a\npotential NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38454",
"url": "https://www.suse.com/security/cve/CVE-2025-38454"
},
{
"category": "external",
"summary": "SUSE Bug 1247426 for CVE-2025-38454",
"url": "https://bugzilla.suse.com/1247426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38454"
},
{
"cve": "CVE-2025-38455",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38455"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight\n\nReject migration of SEV{-ES} state if either the source or destination VM\nis actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the\nsection between incrementing created_vcpus and online_vcpus. The bulk of\nvCPU creation runs _outside_ of kvm-\u003elock to allow creating multiple vCPUs\nin parallel, and so sev_info.es_active can get toggled from false=\u003etrue in\nthe destination VM after (or during) svm_vcpu_create(), resulting in an\nSEV{-ES} VM effectively having a non-SEV{-ES} vCPU.\n\nThe issue manifests most visibly as a crash when trying to free a vCPU\u0027s\nNULL VMSA page in an SEV-ES VM, but any number of things can go wrong.\n\n BUG: unable to handle page fault for address: ffffebde00000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n CPU: 227 UID: 0 PID: 64063 Comm: syz.5.60023 Tainted: G U O 6.15.0-smp-DEV #2 NONE\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]\n RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]\n RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]\n RIP: 0010:PageHead include/linux/page-flags.h:866 [inline]\n RIP: 0010:___free_pages+0x3e/0x120 mm/page_alloc.c:5067\n Code: \u003c49\u003e f7 06 40 00 00 00 75 05 45 31 ff eb 0c 66 90 4c 89 f0 4c 39 f0\n RSP: 0018:ffff8984551978d0 EFLAGS: 00010246\n RAX: 0000777f80000001 RBX: 0000000000000000 RCX: ffffffff918aeb98\n RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffebde00000000\n RBP: 0000000000000000 R08: ffffebde00000007 R09: 1ffffd7bc0000000\n R10: dffffc0000000000 R11: fffff97bc0000001 R12: dffffc0000000000\n R13: ffff8983e19751a8 R14: ffffebde00000000 R15: 1ffffd7bc0000000\n FS: 0000000000000000(0000) GS:ffff89ee661d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffebde00000000 CR3: 000000793ceaa000 CR4: 0000000000350ef0\n DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n sev_free_vcpu+0x413/0x630 arch/x86/kvm/svm/sev.c:3169\n svm_vcpu_free+0x13a/0x2a0 arch/x86/kvm/svm/svm.c:1515\n kvm_arch_vcpu_destroy+0x6a/0x1d0 arch/x86/kvm/x86.c:12396\n kvm_vcpu_destroy virt/kvm/kvm_main.c:470 [inline]\n kvm_destroy_vcpus+0xd1/0x300 virt/kvm/kvm_main.c:490\n kvm_arch_destroy_vm+0x636/0x820 arch/x86/kvm/x86.c:12895\n kvm_put_kvm+0xb8e/0xfb0 virt/kvm/kvm_main.c:1310\n kvm_vm_release+0x48/0x60 virt/kvm/kvm_main.c:1369\n __fput+0x3e4/0x9e0 fs/file_table.c:465\n task_work_run+0x1a9/0x220 kernel/task_work.c:227\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x7f0/0x25b0 kernel/exit.c:953\n do_group_exit+0x203/0x2d0 kernel/exit.c:1102\n get_signal+0x1357/0x1480 kernel/signal.c:3034\n arch_do_signal_or_restart+0x40/0x690 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x67/0xb0 kernel/entry/common.c:218\n do_syscall_64+0x7c/0x150 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f87a898e969\n \u003c/TASK\u003e\n Modules linked in: gq(O)\n gsmi: Log Shutdown Reason 0x03\n CR2: ffffebde00000000\n ---[ end trace 0000000000000000 ]---\n\nDeliberately don\u0027t check for a NULL VMSA when freeing the vCPU, as crashing\nthe host is likely desirable due to the VMSA being consumed by hardware.\nE.g. if KVM manages to allow VMRUN on the vCPU, hardware may read/write a\nbogus VMSA page. Accessing P\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38455",
"url": "https://www.suse.com/security/cve/CVE-2025-38455"
},
{
"category": "external",
"summary": "SUSE Bug 1247101 for CVE-2025-38455",
"url": "https://bugzilla.suse.com/1247101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38455"
},
{
"cve": "CVE-2025-38456",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38456"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:msghandler: Fix potential memory corruption in ipmi_create_user()\n\nThe \"intf\" list iterator is an invalid pointer if the correct\n\"intf-\u003eintf_num\" is not found. Calling atomic_dec(\u0026intf-\u003enr_users) on\nand invalid pointer will lead to memory corruption.\n\nWe don\u0027t really need to call atomic_dec() if we haven\u0027t called\natomic_add_return() so update the if (intf-\u003ein_shutdown) path as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38456",
"url": "https://www.suse.com/security/cve/CVE-2025-38456"
},
{
"category": "external",
"summary": "SUSE Bug 1247099 for CVE-2025-38456",
"url": "https://bugzilla.suse.com/1247099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38456"
},
{
"cve": "CVE-2025-38457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38457"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\n\nLion\u0027s patch [1] revealed an ancient bug in the qdisc API.\nWhenever a user creates/modifies a qdisc specifying as a parent another\nqdisc, the qdisc API will, during grafting, detect that the user is\nnot trying to attach to a class and reject. However grafting is\nperformed after qdisc_create (and thus the qdiscs\u0027 init callback) is\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\nduring init or change (such as fq, hhf, choke, etc), an issue\narises. For example, executing the following commands:\n\nsudo tc qdisc add dev lo root handle a: htb default 2\nsudo tc qdisc add dev lo parent a: handle beef fq\n\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\nqdisc_tree_reduce_backlog() in their control path init() or change() which\nthen causes a failure to find the child class; however, that does not stop\nthe unconditional invocation of the assumed child qdisc\u0027s qlen_notify with\na null class. All these qdiscs make the assumption that class is non-null.\n\nThe solution is ensure that qdisc_leaf() which looks up the parent\nclass, and is invoked prior to qdisc_create(), should return failure on\nnot finding the class.\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\nparentid doesn\u0027t correspond to a class, so that we can detect it\nearlier on and abort before qdisc_create is called.\n\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38457",
"url": "https://www.suse.com/security/cve/CVE-2025-38457"
},
{
"category": "external",
"summary": "SUSE Bug 1247098 for CVE-2025-38457",
"url": "https://bugzilla.suse.com/1247098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38457"
},
{
"cve": "CVE-2025-38458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38458"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix NULL pointer dereference in vcc_sendmsg()\n\natmarpd_dev_ops does not implement the send method, which may cause crash\nas bellow.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: Oops: 0010 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at 0xffffffffffffffd6.\nRSP: 0018:ffffc9000d3cf778 EFLAGS: 00010246\nRAX: 1ffffffff1910dd1 RBX: 00000000000000c0 RCX: dffffc0000000000\nRDX: ffffc9000dc82000 RSI: ffff88803e4c4640 RDI: ffff888052cd0000\nRBP: ffffc9000d3cf8d0 R08: ffff888052c9143f R09: 1ffff1100a592287\nR10: dffffc0000000000 R11: 0000000000000000 R12: 1ffff92001a79f00\nR13: ffff888052cd0000 R14: ffff88803e4c4640 R15: ffffffff8c886e88\nFS: 00007fbc762566c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffffffffd6 CR3: 0000000041f1b000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc50 net/atm/common.c:644\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n ____sys_sendmsg+0x52d/0x830 net/socket.c:2566\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620\n __sys_sendmmsg+0x227/0x430 net/socket.c:2709\n __do_sys_sendmmsg net/socket.c:2736 [inline]\n __se_sys_sendmmsg net/socket.c:2733 [inline]\n __x64_sys_sendmmsg+0xa0/0xc0 net/socket.c:2733\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38458",
"url": "https://www.suse.com/security/cve/CVE-2025-38458"
},
{
"category": "external",
"summary": "SUSE Bug 1247116 for CVE-2025-38458",
"url": "https://bugzilla.suse.com/1247116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38458"
},
{
"cve": "CVE-2025-38459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38459"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix infinite recursive call of clip_push().\n\nsyzbot reported the splat below. [0]\n\nThis happens if we call ioctl(ATMARP_MKIP) more than once.\n\nDuring the first call, clip_mkip() sets clip_push() to vcc-\u003epush(),\nand the second call copies it to clip_vcc-\u003eold_push().\n\nLater, when the socket is close()d, vcc_destroy_socket() passes\nNULL skb to clip_push(), which calls clip_vcc-\u003eold_push(),\ntriggering the infinite recursion.\n\nLet\u0027s prevent the second ioctl(ATMARP_MKIP) by checking\nvcc-\u003euser_back, which is allocated by the first call as clip_vcc.\n\nNote also that we use lock_sock() to prevent racy calls.\n\n[0]:\nBUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000)\nOops: stack guard page: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191\nCode: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 \u003c41\u003e 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 f3 49 89 fd 48 bd 00\nRSP: 0018:ffffc9000d670000 EFLAGS: 00010246\nRAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000\nRBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e\nR10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300\nR13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578\nFS: 000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n...\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n vcc_destroy_socket net/atm/common.c:183 [inline]\n vcc_release+0x157/0x460 net/atm/common.c:205\n __sock_release net/socket.c:647 [inline]\n sock_close+0xc0/0x240 net/socket.c:1391\n __fput+0x449/0xa70 fs/file_table.c:465\n task_work_run+0x1d1/0x260 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114\n exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]\n do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff31c98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 0000000000012747 RCX: 00007ff31c98e929\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226f\nR10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608c\nR13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38459",
"url": "https://www.suse.com/security/cve/CVE-2025-38459"
},
{
"category": "external",
"summary": "SUSE Bug 1247119 for CVE-2025-38459",
"url": "https://bugzilla.suse.com/1247119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38459"
},
{
"cve": "CVE-2025-38460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38460"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet\u0027s use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38460",
"url": "https://www.suse.com/security/cve/CVE-2025-38460"
},
{
"category": "external",
"summary": "SUSE Bug 1247143 for CVE-2025-38460",
"url": "https://bugzilla.suse.com/1247143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38460"
},
{
"cve": "CVE-2025-38461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38461"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_* TOCTOU\n\nTransport assignment may race with module unload. Protect new_transport\nfrom becoming a stale pointer.\n\nThis also takes care of an insecure call in vsock_use_local_transport();\nadd a lockdep assert.\n\nBUG: unable to handle page fault for address: fffffbfff8056000\nOops: Oops: 0000 [#1] SMP KASAN\nRIP: 0010:vsock_assign_transport+0x366/0x600\nCall Trace:\n vsock_connect+0x59c/0xc40\n __sys_connect+0xe8/0x100\n __x64_sys_connect+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38461",
"url": "https://www.suse.com/security/cve/CVE-2025-38461"
},
{
"category": "external",
"summary": "SUSE Bug 1247103 for CVE-2025-38461",
"url": "https://bugzilla.suse.com/1247103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38461"
},
{
"cve": "CVE-2025-38462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38462"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38462",
"url": "https://www.suse.com/security/cve/CVE-2025-38462"
},
{
"category": "external",
"summary": "SUSE Bug 1247104 for CVE-2025-38462",
"url": "https://bugzilla.suse.com/1247104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38462"
},
{
"cve": "CVE-2025-38463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Correct signedness in skb remaining space calculation\n\nSyzkaller reported a bug [1] where sk-\u003esk_forward_alloc can overflow.\n\nWhen we send data, if an skb exists at the tail of the write queue, the\nkernel will attempt to append the new data to that skb. However, the code\nthat checks for available space in the skb is flawed:\n\u0027\u0027\u0027\ncopy = size_goal - skb-\u003elen\n\u0027\u0027\u0027\n\nThe types of the variables involved are:\n\u0027\u0027\u0027\ncopy: ssize_t (s64 on 64-bit systems)\nsize_goal: int\nskb-\u003elen: unsigned int\n\u0027\u0027\u0027\n\nDue to C\u0027s type promotion rules, the signed size_goal is converted to an\nunsigned int to match skb-\u003elen before the subtraction. The result is an\nunsigned int.\n\nWhen this unsigned int result is then assigned to the s64 copy variable,\nit is zero-extended, preserving its non-negative value. Consequently, copy\nis always \u003e= 0.\n\nAssume we are sending 2GB of data and size_goal has been adjusted to a\nvalue smaller than skb-\u003elen. The subtraction will result in copy holding a\nvery large positive integer. In the subsequent logic, this large value is\nused to update sk-\u003esk_forward_alloc, which can easily cause it to overflow.\n\nThe syzkaller reproducer uses TCP_REPAIR to reliably create this\ncondition. However, this can also occur in real-world scenarios. The\ntcp_bound_to_half_wnd() function can also reduce size_goal to a small\nvalue. This would cause the subsequent tcp_wmem_schedule() to set\nsk-\u003esk_forward_alloc to a value close to INT_MAX. Further memory\nallocation requests would then cause sk_forward_alloc to wrap around and\nbecome negative.\n\n[1]: https://syzkaller.appspot.com/bug?extid=de6565462ab540f50e47",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38463",
"url": "https://www.suse.com/security/cve/CVE-2025-38463"
},
{
"category": "external",
"summary": "SUSE Bug 1247113 for CVE-2025-38463",
"url": "https://bugzilla.suse.com/1247113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38463"
},
{
"cve": "CVE-2025-38464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38464"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free in tipc_conn_close().\n\nsyzbot reported a null-ptr-deref in tipc_conn_close() during netns\ndismantle. [0]\n\ntipc_topsrv_stop() iterates tipc_net(net)-\u003etopsrv-\u003econn_idr and calls\ntipc_conn_close() for each tipc_conn.\n\nThe problem is that tipc_conn_close() is called after releasing the\nIDR lock.\n\nAt the same time, there might be tipc_conn_recv_work() running and it\ncould call tipc_conn_close() for the same tipc_conn and release its\nlast -\u003ekref.\n\nOnce we release the IDR lock in tipc_topsrv_stop(), there is no\nguarantee that the tipc_conn is alive.\n\nLet\u0027s hold the ref before releasing the lock and put the ref after\ntipc_conn_close() in tipc_topsrv_stop().\n\n[0]:\nBUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\nRead of size 8 at addr ffff888099305a08 by task kworker/u4:3/435\n\nCPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1fc/0x2ef lib/dump_stack.c:118\n print_address_description.cold+0x54/0x219 mm/kasan/report.c:256\n kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354\n kasan_report mm/kasan/report.c:412 [inline]\n __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433\n tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\n tipc_topsrv_stop net/tipc/topsrv.c:701 [inline]\n tipc_topsrv_exit_net+0x27b/0x5c0 net/tipc/topsrv.c:722\n ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153\n cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nAllocated by task 23:\n kmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625\n kmalloc include/linux/slab.h:515 [inline]\n kzalloc include/linux/slab.h:709 [inline]\n tipc_conn_alloc+0x43/0x4f0 net/tipc/topsrv.c:192\n tipc_topsrv_accept+0x1b5/0x280 net/tipc/topsrv.c:470\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nFreed by task 23:\n __cache_free mm/slab.c:3503 [inline]\n kfree+0xcc/0x210 mm/slab.c:3822\n tipc_conn_kref_release net/tipc/topsrv.c:150 [inline]\n kref_put include/linux/kref.h:70 [inline]\n conn_put+0x2cd/0x3a0 net/tipc/topsrv.c:155\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nThe buggy address belongs to the object at ffff888099305a00\n which belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 8 bytes inside of\n 512-byte region [ffff888099305a00, ffff888099305c00)\nThe buggy address belongs to the page:\npage:ffffea000264c140 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0\nflags: 0xfff00000000100(slab)\nraw: 00fff00000000100 ffffea00028b6b88 ffffea0002cd2b08 ffff88813bff0940\nraw: 0000000000000000 ffff888099305000 0000000100000006 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888099305900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\u003effff888099305a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888099305a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38464",
"url": "https://www.suse.com/security/cve/CVE-2025-38464"
},
{
"category": "external",
"summary": "SUSE Bug 1247112 for CVE-2025-38464",
"url": "https://bugzilla.suse.com/1247112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38464"
},
{
"cve": "CVE-2025-38465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet\u0027s fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38465",
"url": "https://www.suse.com/security/cve/CVE-2025-38465"
},
{
"category": "external",
"summary": "SUSE Bug 1247118 for CVE-2025-38465",
"url": "https://bugzilla.suse.com/1247118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38466"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Revert to requiring CAP_SYS_ADMIN for uprobes\n\nJann reports that uprobes can be used destructively when used in the\nmiddle of an instruction. The kernel only verifies there is a valid\ninstruction at the requested offset, but due to variable instruction\nlength cannot determine if this is an instruction as seen by the\nintended execution stream.\n\nAdditionally, Mark Rutland notes that on architectures that mix data\nin the text segment (like arm64), a similar things can be done if the\ndata word is \u0027mistaken\u0027 for an instruction.\n\nAs such, require CAP_SYS_ADMIN for uprobes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38466",
"url": "https://www.suse.com/security/cve/CVE-2025-38466"
},
{
"category": "external",
"summary": "SUSE Bug 1247442 for CVE-2025-38466",
"url": "https://bugzilla.suse.com/1247442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38466"
},
{
"cve": "CVE-2025-38467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38467"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\n\nIf there\u0027s support for another console device (such as a TTY serial),\nthe kernel occasionally panics during boot. The panic message and a\nrelevant snippet of the call stack is as follows:\n\n Unable to handle kernel NULL pointer dereference at virtual address 000000000000000\n Call trace:\n drm_crtc_handle_vblank+0x10/0x30 (P)\n decon_irq_handler+0x88/0xb4\n [...]\n\nOtherwise, the panics don\u0027t happen. This indicates that it\u0027s some sort\nof race condition.\n\nAdd a check to validate if the drm device can handle vblanks before\ncalling drm_crtc_handle_vblank() to avoid this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38467",
"url": "https://www.suse.com/security/cve/CVE-2025-38467"
},
{
"category": "external",
"summary": "SUSE Bug 1247146 for CVE-2025-38467",
"url": "https://bugzilla.suse.com/1247146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38467"
},
{
"cve": "CVE-2025-38468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38468"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\nping -I lo -c1 -W0.001 127.0.0.1\n\nThe root cause is the following:\n\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\n the selected leaf qdisc\n2. netem_dequeue calls enqueue on the child qdisc\n3. blackhole_enqueue drops the packet and returns a value that is not\n just NET_XMIT_SUCCESS\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\n5. As this is the only class in the selected hprio rbtree,\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\n NULL\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\n hprio rbtree, and fail the BUG_ON\n\nThe function graph for this scenario is shown here:\n 0) | htb_enqueue() {\n 0) + 13.635 us | netem_enqueue();\n 0) 4.719 us | htb_activate_prios();\n 0) # 2249.199 us | }\n 0) | htb_dequeue() {\n 0) 2.355 us | htb_lookup_leaf();\n 0) | netem_dequeue() {\n 0) + 11.061 us | blackhole_enqueue();\n 0) | qdisc_tree_reduce_backlog() {\n 0) | qdisc_lookup_rcu() {\n 0) 1.873 us | qdisc_match_from_root();\n 0) 6.292 us | }\n 0) 1.894 us | htb_search();\n 0) | htb_qlen_notify() {\n 0) 2.655 us | htb_deactivate_prios();\n 0) 6.933 us | }\n 0) + 25.227 us | }\n 0) 1.983 us | blackhole_dequeue();\n 0) + 86.553 us | }\n 0) # 2932.761 us | qdisc_warn_nonwc();\n 0) | htb_lookup_leaf() {\n 0) | BUG_ON();\n ------------------------------------------\n\nThe full original bug report can be seen here [1].\n\nWe can fix this just by returning NULL instead of the BUG_ON,\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\nNULL.\n\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38468",
"url": "https://www.suse.com/security/cve/CVE-2025-38468"
},
{
"category": "external",
"summary": "SUSE Bug 1247437 for CVE-2025-38468",
"url": "https://bugzilla.suse.com/1247437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38470"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\n\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\n8021q module will automatically add or remove VLAN 0 when the net device\nis put administratively up or down, respectively. There are a couple of\nproblems with the above scheme.\n\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\nfeature is disabled while the device is running:\n\n # ip link add bond1 up type bond mode 0\n # ethtool -K bond1 rx-vlan-filter off\n # ip link del dev bond1\n\nWhen the device is put administratively down the \"rx-vlan-filter\"\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\nmemory will be leaked [1].\n\nAnother problem that can happen is that the kernel can automatically\ndelete VLAN 0 when the device is put administratively down despite not\nadding it when the device was put administratively up since during that\ntime the \"rx-vlan-filter\" feature was disabled. null-ptr-unref or\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\nimbalance if toggling filtering during runtime:\n\n$ ip link add bond0 type bond mode 0\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\n$ ethtool -K bond0 rx-vlan-filter off\n$ ifconfig bond0 up\n$ ethtool -K bond0 rx-vlan-filter on\n$ ifconfig bond0 down\n$ ip link del vlan0\n\nRoot cause is as below:\nstep1: add vlan0 for real_dev, such as bond, team.\nregister_vlan_dev\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\nstep2: disable vlan filter feature and enable real_dev\nstep3: change filter from 0 to 1\nvlan_device_event\n vlan_filter_push_vids\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\nstep4: real_dev down\nvlan_device_event\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\n vlan_info_rcu_free //free vlan0\nstep5: delete vlan0\nunregister_vlan_dev\n BUG_ON(!vlan_info); //vlan_info is null\n\nFix both problems by noting in the VLAN info whether VLAN 0 was\nautomatically added upon NETDEV_UP and based on that decide whether it\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\n\"rx-vlan-filter\" feature.\n\n[1]\nunreferenced object 0xffff8880068e3100 (size 256):\n comm \"ip\", pid 384, jiffies 4296130254\n hex dump (first 32 bytes):\n 00 20 30 0d 80 88 ff ff 00 00 00 00 00 00 00 00 . 0.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 81ce31fa):\n __kmalloc_cache_noprof+0x2b5/0x340\n vlan_vid_add+0x434/0x940\n vlan_device_event.cold+0x75/0xa8\n notifier_call_chain+0xca/0x150\n __dev_notify_flags+0xe3/0x250\n rtnl_configure_link+0x193/0x260\n rtnl_newlink_create+0x383/0x8e0\n __rtnl_newlink+0x22c/0xa40\n rtnl_newlink+0x627/0xb00\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x11f/0x350\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n\n[2]\nkernel BUG at net/8021q/vlan.c:99!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 382 Comm: ip Not tainted 6.16.0-rc3 #61 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_vlan_dev (net/8021q/vlan.c:99 (discriminator 1))\nRSP: 0018:ffff88810badf310 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810da84000 RCX: ffffffffb47ceb9a\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88810e8b43c8\nRBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6cefe80\nR10: ffffffffb677f407 R11: ffff88810badf3c0 R12: ffff88810e8b4000\nR13: 0000000000000000 R14: ffff88810642a5c0 R15: 000000000000017e\nFS: 00007f1ff68c20c0(0000) GS:ffff888163a24000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1ff5dad240 CR3: 0000000107e56000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38470",
"url": "https://www.suse.com/security/cve/CVE-2025-38470"
},
{
"category": "external",
"summary": "SUSE Bug 1247288 for CVE-2025-38470",
"url": "https://bugzilla.suse.com/1247288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38472"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack: fix crash due to removal of uninitialised entry\n\nA crash in conntrack was reported while trying to unlink the conntrack\nentry from the hash bucket list:\n [exception RIP: __nf_ct_delete_from_lists+172]\n [..]\n #7 [ff539b5a2b043aa0] nf_ct_delete at ffffffffc124d421 [nf_conntrack]\n #8 [ff539b5a2b043ad0] nf_ct_gc_expired at ffffffffc124d999 [nf_conntrack]\n #9 [ff539b5a2b043ae0] __nf_conntrack_find_get at ffffffffc124efbc [nf_conntrack]\n [..]\n\nThe nf_conn struct is marked as allocated from slab but appears to be in\na partially initialised state:\n\n ct hlist pointer is garbage; looks like the ct hash value\n (hence crash).\n ct-\u003estatus is equal to IPS_CONFIRMED|IPS_DYING, which is expected\n ct-\u003etimeout is 30000 (=30s), which is unexpected.\n\nEverything else looks like normal udp conntrack entry. If we ignore\nct-\u003estatus and pretend its 0, the entry matches those that are newly\nallocated but not yet inserted into the hash:\n - ct hlist pointers are overloaded and store/cache the raw tuple hash\n - ct-\u003etimeout matches the relative time expected for a new udp flow\n rather than the absolute \u0027jiffies\u0027 value.\n\nIf it were not for the presence of IPS_CONFIRMED,\n__nf_conntrack_find_get() would have skipped the entry.\n\nTheory is that we did hit following race:\n\ncpu x \t\t\tcpu y\t\t\tcpu z\n found entry E\t\tfound entry E\n E is expired\t\t\u003cpreemption\u003e\n nf_ct_delete()\n return E to rcu slab\n\t\t\t\t\tinit_conntrack\n\t\t\t\t\tE is re-inited,\n\t\t\t\t\tct-\u003estatus set to 0\n\t\t\t\t\treply tuplehash hnnode.pprev\n\t\t\t\t\tstores hash value.\n\ncpu y found E right before it was deleted on cpu x.\nE is now re-inited on cpu z. cpu y was preempted before\nchecking for expiry and/or confirm bit.\n\n\t\t\t\t\t-\u003erefcnt set to 1\n\t\t\t\t\tE now owned by skb\n\t\t\t\t\t-\u003etimeout set to 30000\n\nIf cpu y were to resume now, it would observe E as\nexpired but would skip E due to missing CONFIRMED bit.\n\n\t\t\t\t\tnf_conntrack_confirm gets called\n\t\t\t\t\tsets: ct-\u003estatus |= CONFIRMED\n\t\t\t\t\tThis is wrong: E is not yet added\n\t\t\t\t\tto hashtable.\n\ncpu y resumes, it observes E as expired but CONFIRMED:\n\t\t\t\u003cresumes\u003e\n\t\t\tnf_ct_expired()\n\t\t\t -\u003e yes (ct-\u003etimeout is 30s)\n\t\t\tconfirmed bit set.\n\ncpu y will try to delete E from the hashtable:\n\t\t\tnf_ct_delete() -\u003e set DYING bit\n\t\t\t__nf_ct_delete_from_lists\n\nEven this scenario doesn\u0027t guarantee a crash:\ncpu z still holds the table bucket lock(s) so y blocks:\n\n\t\t\twait for spinlock held by z\n\n\t\t\t\t\tCONFIRMED is set but there is no\n\t\t\t\t\tguarantee ct will be added to hash:\n\t\t\t\t\t\"chaintoolong\" or \"clash resolution\"\n\t\t\t\t\tlogic both skip the insert step.\n\t\t\t\t\treply hnnode.pprev still stores the\n\t\t\t\t\thash value.\n\n\t\t\t\t\tunlocks spinlock\n\t\t\t\t\treturn NF_DROP\n\t\t\t\u003cunblocks, then\n\t\t\t crashes on hlist_nulls_del_rcu pprev\u003e\n\nIn case CPU z does insert the entry into the hashtable, cpu y will unlink\nE again right away but no crash occurs.\n\nWithout \u0027cpu y\u0027 race, \u0027garbage\u0027 hlist is of no consequence:\nct refcnt remains at 1, eventually skb will be free\u0027d and E gets\ndestroyed via: nf_conntrack_put -\u003e nf_conntrack_destroy -\u003e nf_ct_destroy.\n\nTo resolve this, move the IPS_CONFIRMED assignment after the table\ninsertion but before the unlock.\n\nPablo points out that the confirm-bit-store could be reordered to happen\nbefore hlist add resp. the timeout fixup, so switch to set_bit and\nbefore_atomic memory barrier to prevent this.\n\nIt doesn\u0027t matter if other CPUs can observe a newly inserted entry right\nbefore the CONFIRMED bit was set:\n\nSuch event cannot be distinguished from above \"E is the old incarnation\"\ncase: the entry will be skipped.\n\nAlso change nf_ct_should_gc() to first check the confirmed bit.\n\nThe gc sequence is:\n 1. Check if entry has expired, if not skip to next entry\n 2. Obtain a reference to the expired entry.\n 3. Call nf_ct_should_gc() to double-check step 1.\n\nnf_ct_should_gc() is thus called only for entries that already failed an\nexpiry check. After this patch, once the confirmed bit check pas\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38472",
"url": "https://www.suse.com/security/cve/CVE-2025-38472"
},
{
"category": "external",
"summary": "SUSE Bug 1247313 for CVE-2025-38472",
"url": "https://bugzilla.suse.com/1247313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38472"
},
{
"cve": "CVE-2025-38473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38473"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()\n\nsyzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0]\n\nl2cap_sock_resume_cb() has a similar problem that was fixed by commit\n1bff51ea59a9 (\"Bluetooth: fix use-after-free error in lock_sock_nested()\").\n\nSince both l2cap_sock_kill() and l2cap_sock_resume_cb() are executed\nunder l2cap_sock_resume_cb(), we can avoid the issue simply by checking\nif chan-\u003edata is NULL.\n\nLet\u0027s not access to the killed socket in l2cap_sock_resume_cb().\n\n[0]:\nBUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]\nBUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nBUG: KASAN: null-ptr-deref in l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nWrite of size 8 at addr 0000000000000570 by task kworker/u9:0/52\n\nCPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nWorkqueue: hci0 hci_rx_work\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:501 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_report+0x58/0x84 mm/kasan/report.c:524\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\n __kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37\n instrument_atomic_write include/linux/instrumented.h:82 [inline]\n clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\n l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\n l2cap_security_cfm+0x524/0xea0 net/bluetooth/l2cap_core.c:7357\n hci_auth_cfm include/net/bluetooth/hci_core.h:2092 [inline]\n hci_auth_complete_evt+0x2e8/0xa4c net/bluetooth/hci_event.c:3514\n hci_event_func net/bluetooth/hci_event.c:7511 [inline]\n hci_event_packet+0x650/0xe9c net/bluetooth/hci_event.c:7565\n hci_rx_work+0x320/0xb18 net/bluetooth/hci_core.c:4070\n process_one_work+0x7e8/0x155c kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3321 [inline]\n worker_thread+0x958/0xed8 kernel/workqueue.c:3402\n kthread+0x5fc/0x75c kernel/kthread.c:464\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38473",
"url": "https://www.suse.com/security/cve/CVE-2025-38473"
},
{
"category": "external",
"summary": "SUSE Bug 1247289 for CVE-2025-38473",
"url": "https://bugzilla.suse.com/1247289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38473"
},
{
"cve": "CVE-2025-38474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38474"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: net: sierra: check for no status endpoint\n\nThe driver checks for having three endpoints and\nhaving bulk in and out endpoints, but not that\nthe third endpoint is interrupt input.\nRectify the omission.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38474",
"url": "https://www.suse.com/security/cve/CVE-2025-38474"
},
{
"category": "external",
"summary": "SUSE Bug 1247311 for CVE-2025-38474",
"url": "https://bugzilla.suse.com/1247311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38474"
},
{
"cve": "CVE-2025-38475",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38475"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix various oops due to inet_sock type confusion.\n\nsyzbot reported weird splats [0][1] in cipso_v4_sock_setattr() while\nfreeing inet_sk(sk)-\u003einet_opt.\n\nThe address was freed multiple times even though it was read-only memory.\n\ncipso_v4_sock_setattr() did nothing wrong, and the root cause was type\nconfusion.\n\nThe cited commit made it possible to create smc_sock as an INET socket.\n\nThe issue is that struct smc_sock does not have struct inet_sock as the\nfirst member but hijacks AF_INET and AF_INET6 sk_family, which confuses\nvarious places.\n\nIn this case, inet_sock.inet_opt was actually smc_sock.clcsk_data_ready(),\nwhich is an address of a function in the text segment.\n\n $ pahole -C inet_sock vmlinux\n struct inet_sock {\n ...\n struct ip_options_rcu * inet_opt; /* 784 8 */\n\n $ pahole -C smc_sock vmlinux\n struct smc_sock {\n ...\n void (*clcsk_data_ready)(struct sock *); /* 784 8 */\n\nThe same issue for another field was reported before. [2][3]\n\nAt that time, an ugly hack was suggested [4], but it makes both INET\nand SMC code error-prone and hard to change.\n\nAlso, yet another variant was fixed by a hacky commit 98d4435efcbf3\n(\"net/smc: prevent NULL pointer dereference in txopt_get\").\n\nInstead of papering over the root cause by such hacks, we should not\nallow non-INET socket to reuse the INET infra.\n\nLet\u0027s add inet_sock as the first member of smc_sock.\n\n[0]:\nkvfree_call_rcu(): Double-freed call. rcu_head 000000006921da73\nWARNING: CPU: 0 PID: 6718 at mm/slab_common.c:1956 kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nModules linked in:\nCPU: 0 UID: 0 PID: 6718 Comm: syz.0.17 Tainted: G W 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nTainted: [W]=WARN\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nlr : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nsp : ffff8000a03a7730\nx29: ffff8000a03a7730 x28: 00000000fffffff5 x27: 1fffe000184823d3\nx26: dfff800000000000 x25: ffff0000c2411e9e x24: ffff0000dd88da00\nx23: ffff8000891ac9a0 x22: 00000000ffffffea x21: ffff8000891ac9a0\nx20: ffff8000891ac9a0 x19: ffff80008afc2480 x18: 00000000ffffffff\nx17: 0000000000000000 x16: ffff80008ae642c8 x15: ffff700011ede14c\nx14: 1ffff00011ede14c x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff700011ede14c x10: 0000000000ff0100 x9 : 5fa3c1ffaf0ff000\nx8 : 5fa3c1ffaf0ff000 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff8000a03a7078 x4 : ffff80008f766c20 x3 : ffff80008054d360\nx2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000\nCall trace:\n kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955 (P)\n cipso_v4_sock_setattr+0x2f0/0x3f4 net/ipv4/cipso_ipv4.c:1914\n netlbl_sock_setattr+0x240/0x334 net/netlabel/netlabel_kapi.c:1000\n smack_netlbl_add+0xa8/0x158 security/smack/smack_lsm.c:2581\n smack_inode_setsecurity+0x378/0x430 security/smack/smack_lsm.c:2912\n security_inode_setsecurity+0x118/0x3c0 security/security.c:2706\n __vfs_setxattr_noperm+0x174/0x5c4 fs/xattr.c:251\n __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:295\n vfs_setxattr+0x158/0x2ac fs/xattr.c:321\n do_setxattr fs/xattr.c:636 [inline]\n file_setxattr+0x1b8/0x294 fs/xattr.c:646\n path_setxattrat+0x2ac/0x320 fs/xattr.c:711\n __do_sys_fsetxattr fs/xattr.c:761 [inline]\n __se_sys_fsetxattr fs/xattr.c:758 [inline]\n __arm64_sys_fsetxattr+0xc0/0xdc fs/xattr.c:758\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879\n el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\n[\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38475",
"url": "https://www.suse.com/security/cve/CVE-2025-38475"
},
{
"category": "external",
"summary": "SUSE Bug 1247308 for CVE-2025-38475",
"url": "https://bugzilla.suse.com/1247308"
},
{
"category": "external",
"summary": "SUSE Bug 1247309 for CVE-2025-38475",
"url": "https://bugzilla.suse.com/1247309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38475"
},
{
"cve": "CVE-2025-38476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpl: Fix use-after-free in rpl_do_srh_inline().\n\nRunning lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers\nthe splat below [0].\n\nrpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after\nskb_cow_head(), which is illegal as the header could be freed then.\n\nLet\u0027s fix it by making oldhdr to a local struct instead of a pointer.\n\n[0]:\n[root@fedora net]# ./lwt_dst_cache_ref_loop.sh\n...\nTEST: rpl (input)\n[ 57.631529] ==================================================================\nBUG: KASAN: slab-use-after-free in rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\nRead of size 40 at addr ffff888122bf96d8 by task ping6/1543\n\nCPU: 50 UID: 0 PID: 1543 Comm: ping6 Not tainted 6.16.0-rc5-01302-gfadd1e6231b1 #23 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n kasan_check_range (mm/kasan/generic.c:175 (discriminator 1) mm/kasan/generic.c:189 (discriminator 1))\n __asan_memmove (mm/kasan/shadow.c:94 (discriminator 2))\n rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\n rpl_input (net/ipv6/rpl_iptunnel.c:201 net/ipv6/rpl_iptunnel.c:282)\n lwtunnel_input (net/core/lwtunnel.c:459)\n ipv6_rcv (./include/net/dst.h:471 (discriminator 1) ./include/net/dst.h:469 (discriminator 1) net/ipv6/ip6_input.c:79 (discriminator 1) ./include/linux/netfilter.h:317 (discriminator 1) ./include/linux/netfilter.h:311 (discriminator 1) net/ipv6/ip6_input.c:311 (discriminator 1))\n __netif_receive_skb_one_core (net/core/dev.c:5967)\n process_backlog (./include/linux/rcupdate.h:869 net/core/dev.c:6440)\n __napi_poll.constprop.0 (net/core/dev.c:7452)\n net_rx_action (net/core/dev.c:7518 net/core/dev.c:7643)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480 (discriminator 20))\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:407)\n __dev_queue_xmit (net/core/dev.c:4740)\n ip6_finish_output2 (./include/linux/netdevice.h:3358 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:141)\n ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)\n ip6_output (./include/linux/netfilter.h:306 net/ipv6/ip6_output.c:248)\n ip6_send_skb (net/ipv6/ip6_output.c:1983)\n rawv6_sendmsg (net/ipv6/raw.c:588 net/ipv6/raw.c:918)\n __sys_sendto (net/socket.c:714 (discriminator 1) net/socket.c:729 (discriminator 1) net/socket.c:2228 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2231)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f68cffb2a06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007ffefb7c53d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000564cd69f10a0 RCX: 00007f68cffb2a06\nRDX: 0000000000000040 RSI: 0000564cd69f10a4 RDI: 0000000000000003\nRBP: 00007ffefb7c53f0 R08: 0000564cd6a032ac R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000564cd69f10a4\nR13: 0000000000000040 R14: 00007ffefb7c66e0 R15: 0000564cd69f10a0\n \u003c/TASK\u003e\n\nAllocated by task 1543:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\n kmem_cache_alloc_node_noprof (./include/linux/kasan.h:250 mm/slub.c:4148 mm/slub.c:4197 mm/slub.c:4249)\n kmalloc_reserve (net/core/skbuff.c:581 (discriminator 88))\n __alloc_skb (net/core/skbuff.c:669)\n __ip6_append_data (net/ipv6/ip6_output.c:1672 (discriminator 1))\n ip6_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38476",
"url": "https://www.suse.com/security/cve/CVE-2025-38476"
},
{
"category": "external",
"summary": "SUSE Bug 1247317 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "external",
"summary": "SUSE Bug 1251203 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1251203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38476"
},
{
"cve": "CVE-2025-38477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38477",
"url": "https://www.suse.com/security/cve/CVE-2025-38477"
},
{
"category": "external",
"summary": "SUSE Bug 1247314 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "external",
"summary": "SUSE Bug 1247315 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38478"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix initialization of data for instructions that write to subdevice\n\nSome Comedi subdevice instruction handlers are known to access\ninstruction data elements beyond the first `insn-\u003en` elements in some\ncases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions\nallocate at least `MIN_SAMPLES` (16) data elements to deal with this,\nbut they do not initialize all of that. For Comedi instruction codes\nthat write to the subdevice, the first `insn-\u003en` data elements are\ncopied from user-space, but the remaining elements are left\nuninitialized. That could be a problem if the subdevice instruction\nhandler reads the uninitialized data. Ensure that the first\n`MIN_SAMPLES` elements are initialized before calling these instruction\nhandlers, filling the uncopied elements with 0. For\n`do_insnlist_ioctl()`, the same data buffer elements are used for\nhandling a list of instructions, so ensure the first `MIN_SAMPLES`\nelements are initialized for each instruction that writes to the\nsubdevice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38478",
"url": "https://www.suse.com/security/cve/CVE-2025-38478"
},
{
"category": "external",
"summary": "SUSE Bug 1247273 for CVE-2025-38478",
"url": "https://bugzilla.suse.com/1247273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38478"
},
{
"cve": "CVE-2025-38480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38480"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized data in insn_rw_emulate_bits()\n\nFor Comedi `INSN_READ` and `INSN_WRITE` instructions on \"digital\"\nsubdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and\n`COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have\n`insn_read` and `insn_write` handler functions, but to have an\n`insn_bits` handler function for handling Comedi `INSN_BITS`\ninstructions. In that case, the subdevice\u0027s `insn_read` and/or\n`insn_write` function handler pointers are set to point to the\n`insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.\n\nFor `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the\nsupplied `data[0]` value is a valid copy from user memory. It will at\nleast exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in\n\"comedi_fops.c\" ensure at lease `MIN_SAMPLES` (16) elements are\nallocated. However, if `insn-\u003en` is 0 (which is allowable for\n`INSN_READ` and `INSN_WRITE` instructions, then `data[0]` may contain\nuninitialized data, and certainly contains invalid data, possibly from a\ndifferent instruction in the array of instructions handled by\n`do_insnlist_ioctl()`. This will result in an incorrect value being\nwritten to the digital output channel (or to the digital input/output\nchannel if configured as an output), and may be reflected in the\ninternal saved state of the channel.\n\nFix it by returning 0 early if `insn-\u003en` is 0, before reaching the code\nthat accesses `data[0]`. Previously, the function always returned 1 on\nsuccess, but it is supposed to be the number of data samples actually\nread or written up to `insn-\u003en`, which is 0 in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38480",
"url": "https://www.suse.com/security/cve/CVE-2025-38480"
},
{
"category": "external",
"summary": "SUSE Bug 1247274 for CVE-2025-38480",
"url": "https://bugzilla.suse.com/1247274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38480"
},
{
"cve": "CVE-2025-38481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38481"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large\n\nThe handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to\nhold the array of `struct comedi_insn`, getting the length from the\n`n_insns` member of the `struct comedi_insnlist` supplied by the user.\nThe allocation will fail with a WARNING and a stack dump if it is too\nlarge.\n\nAvoid that by failing with an `-EINVAL` error if the supplied `n_insns`\nvalue is unreasonable.\n\nDefine the limit on the `n_insns` value in the `MAX_INSNS` macro. Set\nthis to the same value as `MAX_SAMPLES` (65536), which is the maximum\nallowed sum of the values of the member `n` in the array of `struct\ncomedi_insn`, and sensible comedi instructions will have an `n` of at\nleast 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38481",
"url": "https://www.suse.com/security/cve/CVE-2025-38481"
},
{
"category": "external",
"summary": "SUSE Bug 1247276 for CVE-2025-38481",
"url": "https://bugzilla.suse.com/1247276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38481"
},
{
"cve": "CVE-2025-38482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38482"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das6402: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* IRQs 2,3,5,6,7, 10,11,15 are valid for \"enhanced\" mode */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0x8cec) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38482",
"url": "https://www.suse.com/security/cve/CVE-2025-38482"
},
{
"category": "external",
"summary": "SUSE Bug 1247277 for CVE-2025-38482",
"url": "https://bugzilla.suse.com/1247277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38482"
},
{
"cve": "CVE-2025-38483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38483"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das16m1: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38483",
"url": "https://www.suse.com/security/cve/CVE-2025-38483"
},
{
"category": "external",
"summary": "SUSE Bug 1247278 for CVE-2025-38483",
"url": "https://bugzilla.suse.com/1247278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38483"
},
{
"cve": "CVE-2025-38484",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38484"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: backend: fix out-of-bound write\n\nThe buffer is set to 80 character. If a caller write more characters,\ncount is truncated to the max available space in \"simple_write_to_buffer\".\nBut afterwards a string terminator is written to the buffer at offset count\nwithout boundary check. The zero termination is written OUT-OF-BOUND.\n\nAdd a check that the given buffer is smaller then the buffer to prevent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38484",
"url": "https://www.suse.com/security/cve/CVE-2025-38484"
},
{
"category": "external",
"summary": "SUSE Bug 1247235 for CVE-2025-38484",
"url": "https://bugzilla.suse.com/1247235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38484"
},
{
"cve": "CVE-2025-38485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38485",
"url": "https://www.suse.com/security/cve/CVE-2025-38485"
},
{
"category": "external",
"summary": "SUSE Bug 1247236 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "external",
"summary": "SUSE Bug 1247237 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38485"
},
{
"cve": "CVE-2025-38487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: lpc-snoop: Don\u0027t disable channels that aren\u0027t enabled\n\nMitigate e.g. the following:\n\n # echo 1e789080.lpc-snoop \u003e /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n ...\n [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n [ 120.373866] [00000004] *pgd=00000000\n [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM\n [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n ...\n [ 120.679543] Call trace:\n [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38487",
"url": "https://www.suse.com/security/cve/CVE-2025-38487"
},
{
"category": "external",
"summary": "SUSE Bug 1247238 for CVE-2025-38487",
"url": "https://bugzilla.suse.com/1247238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38487"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-38489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again\n\nCommit 7ded842b356d (\"s390/bpf: Fix bpf_plt pointer arithmetic\") has\naccidentally removed the critical piece of commit c730fce7c70c\n(\"s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL\"), causing\nintermittent kernel panics in e.g. perf\u0027s on_switch() prog to reappear.\n\nRestore the fix and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38489",
"url": "https://www.suse.com/security/cve/CVE-2025-38489"
},
{
"category": "external",
"summary": "SUSE Bug 1247241 for CVE-2025-38489",
"url": "https://bugzilla.suse.com/1247241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38489"
},
{
"cve": "CVE-2025-38490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38490"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: remove duplicate page_pool_put_full_page()\n\npage_pool_put_full_page() should only be invoked when freeing Rx buffers\nor building a skb if the size is too short. At other times, the pages\nneed to be reused. So remove the redundant page put. In the original\ncode, double free pages cause kernel panic:\n\n[ 876.949834] __irq_exit_rcu+0xc7/0x130\n[ 876.949836] common_interrupt+0xb8/0xd0\n[ 876.949838] \u003c/IRQ\u003e\n[ 876.949838] \u003cTASK\u003e\n[ 876.949840] asm_common_interrupt+0x22/0x40\n[ 876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420\n[ 876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 \u003c45\u003e 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d\n[ 876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246\n[ 876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000\n[ 876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e\n[ 876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed\n[ 876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580\n[ 876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000\n[ 876.949852] ? cpuidle_enter_state+0xb3/0x420\n[ 876.949855] cpuidle_enter+0x29/0x40\n[ 876.949857] cpuidle_idle_call+0xfd/0x170\n[ 876.949859] do_idle+0x7a/0xc0\n[ 876.949861] cpu_startup_entry+0x25/0x30\n[ 876.949862] start_secondary+0x117/0x140\n[ 876.949864] common_startup_64+0x13e/0x148\n[ 876.949867] \u003c/TASK\u003e\n[ 876.949868] ---[ end trace 0000000000000000 ]---\n[ 876.949869] ------------[ cut here ]------------\n[ 876.949870] list_del corruption, ffffead40445a348-\u003enext is NULL\n[ 876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120\n[ 876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E)\n[ 876.949914] i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi\n[ 876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G W E 6.16.0-rc2+ #20 PREEMPT(voluntary)\n[ 876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE\n[ 876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024\n[ 876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120\n[ 876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff \u003c0f\u003e 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8\n[ 876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282\n[ 876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000\n[ 876.949942] RDX: 0000000000000105 RSI: 00000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38490",
"url": "https://www.suse.com/security/cve/CVE-2025-38490"
},
{
"category": "external",
"summary": "SUSE Bug 1247243 for CVE-2025-38490",
"url": "https://bugzilla.suse.com/1247243"
},
{
"category": "external",
"summary": "SUSE Bug 1247384 for CVE-2025-38490",
"url": "https://bugzilla.suse.com/1247384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38490"
},
{
"cve": "CVE-2025-38491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38491"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: make fallback action and fallback decision atomic\n\nSyzkaller reported the following splat:\n\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 __mptcp_do_fallback net/mptcp/protocol.h:1223 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_do_fallback net/mptcp/protocol.h:1244 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 check_fully_established net/mptcp/options.c:982 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_incoming_options+0x21a8/0x2510 net/mptcp/options.c:1153\n Modules linked in:\n CPU: 1 UID: 0 PID: 7704 Comm: syz.3.1419 Not tainted 6.16.0-rc3-gbd5ce2324dba #20 PREEMPT(voluntary)\n Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:__mptcp_do_fallback net/mptcp/protocol.h:1223 [inline]\n RIP: 0010:mptcp_do_fallback net/mptcp/protocol.h:1244 [inline]\n RIP: 0010:check_fully_established net/mptcp/options.c:982 [inline]\n RIP: 0010:mptcp_incoming_options+0x21a8/0x2510 net/mptcp/options.c:1153\n Code: 24 18 e8 bb 2a 00 fd e9 1b df ff ff e8 b1 21 0f 00 e8 ec 5f c4 fc 44 0f b7 ac 24 b0 00 00 00 e9 54 f1 ff ff e8 d9 5f c4 fc 90 \u003c0f\u003e 0b 90 e9 b8 f4 ff ff e8 8b 2a 00 fd e9 8d e6 ff ff e8 81 2a 00\n RSP: 0018:ffff8880a3f08448 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff8880180a8000 RCX: ffffffff84afcf45\n RDX: ffff888090223700 RSI: ffffffff84afdaa7 RDI: 0000000000000001\n RBP: ffff888017955780 R08: 0000000000000001 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n R13: ffff8880180a8910 R14: ffff8880a3e9d058 R15: 0000000000000000\n FS: 00005555791b8500(0000) GS:ffff88811c495000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000110c2800b7 CR3: 0000000058e44000 CR4: 0000000000350ef0\n Call Trace:\n \u003cIRQ\u003e\n tcp_reset+0x26f/0x2b0 net/ipv4/tcp_input.c:4432\n tcp_validate_incoming+0x1057/0x1b60 net/ipv4/tcp_input.c:5975\n tcp_rcv_established+0x5b5/0x21f0 net/ipv4/tcp_input.c:6166\n tcp_v4_do_rcv+0x5dc/0xa70 net/ipv4/tcp_ipv4.c:1925\n tcp_v4_rcv+0x3473/0x44a0 net/ipv4/tcp_ipv4.c:2363\n ip_protocol_deliver_rcu+0xba/0x480 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2f1/0x500 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:317 [inline]\n NF_HOOK include/linux/netfilter.h:311 [inline]\n ip_local_deliver+0x1be/0x560 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:469 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:447 [inline]\n NF_HOOK include/linux/netfilter.h:317 [inline]\n NF_HOOK include/linux/netfilter.h:311 [inline]\n ip_rcv+0x514/0x810 net/ipv4/ip_input.c:567\n __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5975\n __netif_receive_skb+0x1f/0x120 net/core/dev.c:6088\n process_backlog+0x301/0x1360 net/core/dev.c:6440\n __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7453\n napi_poll net/core/dev.c:7517 [inline]\n net_rx_action+0xb44/0x1010 net/core/dev.c:7644\n handle_softirqs+0x1d0/0x770 kernel/softirq.c:579\n do_softirq+0x3f/0x90 kernel/softirq.c:480\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0xed/0x110 kernel/softirq.c:407\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n inet_csk_listen_stop+0x2c5/0x1070 net/ipv4/inet_connection_sock.c:1524\n mptcp_check_listen_stop.part.0+0x1cc/0x220 net/mptcp/protocol.c:2985\n mptcp_check_listen_stop net/mptcp/mib.h:118 [inline]\n __mptcp_close+0x9b9/0xbd0 net/mptcp/protocol.c:3000\n mptcp_close+0x2f/0x140 net/mptcp/protocol.c:3066\n inet_release+0xed/0x200 net/ipv4/af_inet.c:435\n inet6_release+0x4f/0x70 net/ipv6/af_inet6.c:487\n __sock_release+0xb3/0x270 net/socket.c:649\n sock_close+0x1c/0x30 net/socket.c:1439\n __fput+0x402/0xb70 fs/file_table.c:465\n task_work_run+0x150/0x240 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xd4\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38491",
"url": "https://www.suse.com/security/cve/CVE-2025-38491"
},
{
"category": "external",
"summary": "SUSE Bug 1247280 for CVE-2025-38491",
"url": "https://bugzilla.suse.com/1247280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38491"
},
{
"cve": "CVE-2025-38493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38493"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix crash in timerlat_dump_stack()\n\nWe have observed kernel panics when using timerlat with stack saving,\nwith the following dmesg output:\n\nmemcpy: detected buffer overflow: 88 byte write of buffer size 0\nWARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0\nCPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy)\nCall Trace:\n \u003cTASK\u003e\n ? trace_buffer_lock_reserve+0x2a/0x60\n __fortify_panic+0xd/0xf\n __timerlat_dump_stack.cold+0xd/0xd\n timerlat_dump_stack.part.0+0x47/0x80\n timerlat_fd_read+0x36d/0x390\n vfs_read+0xe2/0x390\n ? syscall_exit_to_user_mode+0x1d5/0x210\n ksys_read+0x73/0xe0\n do_syscall_64+0x7b/0x160\n ? exc_page_fault+0x7e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n__timerlat_dump_stack() constructs the ftrace stack entry like this:\n\nstruct stack_entry *entry;\n...\nmemcpy(\u0026entry-\u003ecaller, fstack-\u003ecalls, size);\nentry-\u003esize = fstack-\u003enr_entries;\n\nSince commit e7186af7fb26 (\"tracing: Add back FORTIFY_SOURCE logic to\nkernel_stack event structure\"), struct stack_entry marks its caller\nfield with __counted_by(size). At the time of the memcpy, entry-\u003esize\ncontains garbage from the ringbuffer, which under some circumstances is\nzero, triggering a kernel panic by buffer overflow.\n\nPopulate the size field before the memcpy so that the out-of-bounds\ncheck knows the correct size. This is analogous to\n__ftrace_trace_stack().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38493",
"url": "https://www.suse.com/security/cve/CVE-2025-38493"
},
{
"category": "external",
"summary": "SUSE Bug 1247283 for CVE-2025-38493",
"url": "https://bugzilla.suse.com/1247283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38493"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
},
{
"cve": "CVE-2025-38496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: fix sched in atomic context\n\nIf \"try_verify_in_tasklet\" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP\nis enabled for dm-bufio. However, when bufio tries to evict buffers, there\nis a chance to trigger scheduling in spin_lock_bh, the following warning\nis hit:\n\nBUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker/2:2\npreempt_count: 201, expected: 0\nRCU nest depth: 0, expected: 0\n4 locks held by kworker/2:2/123:\n #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46/0x1970\n #1: ffffc90000d97d20 ((work_completion)(\u0026dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763/0x1970\n #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce/0x710\n #3: ffff88801d5820b8 (\u0026c-\u003espinlock){....}-{2:2}, at: do_global_cleanup+0x2a5/0x710\nPreemption disabled at:\n[\u003c0000000000000000\u003e] 0x0\nCPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: dm_bufio_cache do_global_cleanup\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n __might_resched+0x360/0x4e0\n do_global_cleanup+0x2f5/0x710\n process_one_work+0x7db/0x1970\n worker_thread+0x518/0xea0\n kthread+0x359/0x690\n ret_from_fork+0xf3/0x1b0\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThat can be reproduced by:\n\n veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb\n SIZE=$(blockdev --getsz /dev/vda)\n dmsetup create myverity -r --table \"0 $SIZE verity 1 /dev/vda /dev/vdb 4096 4096 \u003cdata_blocks\u003e 1 sha256 \u003croot_hash\u003e \u003csalt\u003e 1 try_verify_in_tasklet\"\n mount /dev/dm-0 /mnt -o ro\n echo 102400 \u003e /sys/module/dm_bufio/parameters/max_cache_size_bytes\n [read files in /mnt]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38496",
"url": "https://www.suse.com/security/cve/CVE-2025-38496"
},
{
"category": "external",
"summary": "SUSE Bug 1247284 for CVE-2025-38496",
"url": "https://bugzilla.suse.com/1247284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38496"
},
{
"cve": "CVE-2025-38497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either \u0027qw_sign\u0027 or \u0027landingPage\u0027\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length \u0027l\u0027 is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38497",
"url": "https://www.suse.com/security/cve/CVE-2025-38497"
},
{
"category": "external",
"summary": "SUSE Bug 1247347 for CVE-2025-38497",
"url": "https://bugzilla.suse.com/1247347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38497"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38500"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: interface: fix use-after-free after changing collect_md xfrm interface\n\ncollect_md property on xfrm interfaces can only be set on device creation,\nthus xfrmi_changelink() should fail when called on such interfaces.\n\nThe check to enforce this was done only in the case where the xi was\nreturned from xfrmi_locate() which doesn\u0027t look for the collect_md\ninterface, and thus the validation was never reached.\n\nCalling changelink would thus errornously place the special interface xi\nin the xfrmi_net-\u003exfrmi hash, but since it also exists in the\nxfrmi_net-\u003ecollect_md_xfrmi pointer it would lead to a double free when\nthe net namespace was taken down [1].\n\nChange the check to use the xi from netdev_priv which is available earlier\nin the function to prevent changes in xfrm collect_md interfaces.\n\n[1] resulting oops:\n[ 8.516540] kernel BUG at net/core/dev.c:12029!\n[ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary)\n[ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 8.516569] Workqueue: netns cleanup_net\n[ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0\n[ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 \u003c0f\u003e 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24\n[ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206\n[ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60\n[ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122\n[ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100\n[ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00\n[ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00\n[ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000\n[ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0\n[ 8.516625] PKRU: 55555554\n[ 8.516627] Call Trace:\n[ 8.516632] \u003cTASK\u003e\n[ 8.516635] ? rtnl_is_locked+0x15/0x20\n[ 8.516641] ? unregister_netdevice_queue+0x29/0xf0\n[ 8.516650] ops_undo_list+0x1f2/0x220\n[ 8.516659] cleanup_net+0x1ad/0x2e0\n[ 8.516664] process_one_work+0x160/0x380\n[ 8.516673] worker_thread+0x2aa/0x3c0\n[ 8.516679] ? __pfx_worker_thread+0x10/0x10\n[ 8.516686] kthread+0xfb/0x200\n[ 8.516690] ? __pfx_kthread+0x10/0x10\n[ 8.516693] ? __pfx_kthread+0x10/0x10\n[ 8.516697] ret_from_fork+0x82/0xf0\n[ 8.516705] ? __pfx_kthread+0x10/0x10\n[ 8.516709] ret_from_fork_asm+0x1a/0x30\n[ 8.516718] \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38500",
"url": "https://www.suse.com/security/cve/CVE-2025-38500"
},
{
"category": "external",
"summary": "SUSE Bug 1248088 for CVE-2025-38500",
"url": "https://bugzilla.suse.com/1248088"
},
{
"category": "external",
"summary": "SUSE Bug 1248672 for CVE-2025-38500",
"url": "https://bugzilla.suse.com/1248672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38500"
},
{
"cve": "CVE-2025-38503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion when building free space tree\n\nWhen building the free space tree with the block group tree feature\nenabled, we can hit an assertion failure like this:\n\n BTRFS info (device loop0 state M): rebuilding free space tree\n assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1102!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n Modules linked in:\n CPU: 1 UID: 0 PID: 6592 Comm: syz-executor322 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n lr : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n sp : ffff8000a4ce7600\n x29: ffff8000a4ce76e0 x28: ffff0000c9bc6000 x27: ffff0000ddfff3d8\n x26: ffff0000ddfff378 x25: dfff800000000000 x24: 0000000000000001\n x23: ffff8000a4ce7660 x22: ffff70001499cecc x21: ffff0000e1d8c160\n x20: ffff0000e1cb7800 x19: ffff0000e1d8c0b0 x18: 00000000ffffffff\n x17: ffff800092f39000 x16: ffff80008ad27e48 x15: ffff700011e740c0\n x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff\n x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 94ef24f55d2dbc00\n x8 : 94ef24f55d2dbc00 x7 : 0000000000000001 x6 : 0000000000000001\n x5 : ffff8000a4ce6f98 x4 : ffff80008f415ba0 x3 : ffff800080548ef0\n x2 : 0000000000000000 x1 : 0000000100000000 x0 : 000000000000003e\n Call trace:\n populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 (P)\n btrfs_rebuild_free_space_tree+0x14c/0x54c fs/btrfs/free-space-tree.c:1337\n btrfs_start_pre_rw_mount+0xa78/0xe10 fs/btrfs/disk-io.c:3074\n btrfs_remount_rw fs/btrfs/super.c:1319 [inline]\n btrfs_reconfigure+0x828/0x2418 fs/btrfs/super.c:1543\n reconfigure_super+0x1d4/0x6f0 fs/super.c:1083\n do_remount fs/namespace.c:3365 [inline]\n path_mount+0xb34/0xde0 fs/namespace.c:4200\n do_mount fs/namespace.c:4221 [inline]\n __do_sys_mount fs/namespace.c:4432 [inline]\n __se_sys_mount fs/namespace.c:4409 [inline]\n __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4409\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n Code: f0047182 91178042 528089c3 9771d47b (d4210000)\n ---[ end trace 0000000000000000 ]---\n\nThis happens because we are processing an empty block group, which has\nno extents allocated from it, there are no items for this block group,\nincluding the block group item since block group items are stored in a\ndedicated tree when using the block group tree feature. It also means\nthis is the block group with the highest start offset, so there are no\nhigher keys in the extent root, hence btrfs_search_slot_for_read()\nreturns 1 (no higher key found).\n\nFix this by asserting \u0027ret\u0027 is 0 only if the block group tree feature\nis not enabled, in which case we should find a block group item for\nthe block group since it\u0027s stored in the extent root and block group\nitem keys are greater than extent item keys (the value for\nBTRFS_BLOCK_GROUP_ITEM_KEY is 192 and for BTRFS_EXTENT_ITEM_KEY and\nBTRFS_METADATA_ITEM_KEY the values are 168 and 169 respectively).\nIn case \u0027ret\u0027 is 1, we just need to add a record to the free space\ntree which spans the whole block group, and we can achieve this by\nmaking \u0027ret == 0\u0027 as the while loop\u0027s condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38503",
"url": "https://www.suse.com/security/cve/CVE-2025-38503"
},
{
"category": "external",
"summary": "SUSE Bug 1248183 for CVE-2025-38503",
"url": "https://bugzilla.suse.com/1248183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38503"
},
{
"cve": "CVE-2025-38506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38506"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Allow CPU to reschedule while setting per-page memory attributes\n\nWhen running an SEV-SNP guest with a sufficiently large amount of memory (1TB+),\nthe host can experience CPU soft lockups when running an operation in\nkvm_vm_set_mem_attributes() to set memory attributes on the whole\nrange of guest memory.\n\nwatchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:6372]\nCPU: 8 UID: 0 PID: 6372 Comm: qemu-kvm Kdump: loaded Not tainted 6.15.0-rc7.20250520.el9uek.rc1.x86_64 #1 PREEMPT(voluntary)\nHardware name: Oracle Corporation ORACLE SERVER E4-2c/Asm,MB Tray,2U,E4-2c, BIOS 78016600 11/13/2024\nRIP: 0010:xas_create+0x78/0x1f0\nCode: 00 00 00 41 80 fc 01 0f 84 82 00 00 00 ba 06 00 00 00 bd 06 00 00 00 49 8b 45 08 4d 8d 65 08 41 39 d6 73 20 83 ed 06 48 85 c0 \u003c74\u003e 67 48 89 c2 83 e2 03 48 83 fa 02 75 0c 48 3d 00 10 00 00 0f 87\nRSP: 0018:ffffad890a34b940 EFLAGS: 00000286\nRAX: ffff96f30b261daa RBX: ffffad890a34b9c8 RCX: 0000000000000000\nRDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffad890a356868\nR13: ffffad890a356860 R14: 0000000000000000 R15: ffffad890a356868\nFS: 00007f5578a2a400(0000) GS:ffff97ed317e1000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f015c70fb18 CR3: 00000001109fd006 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n xas_store+0x58/0x630\n __xa_store+0xa5/0x130\n xa_store+0x2c/0x50\n kvm_vm_set_mem_attributes+0x343/0x710 [kvm]\n kvm_vm_ioctl+0x796/0xab0 [kvm]\n __x64_sys_ioctl+0xa3/0xd0\n do_syscall_64+0x8c/0x7a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f5578d031bb\nCode: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 2d 4c 0f 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffe0a742b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000000004020aed2 RCX: 00007f5578d031bb\nRDX: 00007ffe0a742c80 RSI: 000000004020aed2 RDI: 000000000000000b\nRBP: 0000010000000000 R08: 0000010000000000 R09: 0000017680000000\nR10: 0000000000000080 R11: 0000000000000246 R12: 00005575e5f95120\nR13: 00007ffe0a742c80 R14: 0000000000000008 R15: 00005575e5f961e0\n\nWhile looping through the range of memory setting the attributes,\ncall cond_resched() to give the scheduler a chance to run a higher\npriority task on the runqueue if necessary and avoid staying in\nkernel mode long enough to trigger the lockup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38506",
"url": "https://www.suse.com/security/cve/CVE-2025-38506"
},
{
"category": "external",
"summary": "SUSE Bug 1248186 for CVE-2025-38506",
"url": "https://bugzilla.suse.com/1248186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38506"
},
{
"cve": "CVE-2025-38508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38508"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Use TSC_FACTOR for Secure TSC frequency calculation\n\nWhen using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on\nthe nominal P0 frequency, which deviates slightly (typically ~0.2%) from\nthe actual mean TSC frequency due to clocking parameters.\n\nOver extended VM uptime, this discrepancy accumulates, causing clock skew\nbetween the hypervisor and a SEV-SNP VM, leading to early timer interrupts as\nperceived by the guest.\n\nThe guest kernel relies on the reported nominal frequency for TSC-based\ntimekeeping, while the actual frequency set during SNP_LAUNCH_START may\ndiffer. This mismatch results in inaccurate time calculations, causing the\nguest to perceive hrtimers as firing earlier than expected.\n\nUtilize the TSC_FACTOR from the SEV firmware\u0027s secrets page (see \"Secrets\nPage Format\" in the SNP Firmware ABI Specification) to calculate the mean\nTSC frequency, ensuring accurate timekeeping and mitigating clock skew in\nSEV-SNP VMs.\n\nUse early_ioremap_encrypted() to map the secrets page as\nioremap_encrypted() uses kmalloc() which is not available during early TSC\ninitialization and causes a panic.\n\n [ bp: Drop the silly dummy var:\n https://lore.kernel.org/r/20250630192726.GBaGLlHl84xIopx4Pt@fat_crate.local ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38508",
"url": "https://www.suse.com/security/cve/CVE-2025-38508"
},
{
"category": "external",
"summary": "SUSE Bug 1248190 for CVE-2025-38508",
"url": "https://bugzilla.suse.com/1248190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38508"
},
{
"cve": "CVE-2025-38514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38514"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix oops due to non-existence of prealloc backlog struct\n\nIf an AF_RXRPC service socket is opened and bound, but calls are\npreallocated, then rxrpc_alloc_incoming_call() will oops because the\nrxrpc_backlog struct doesn\u0027t get allocated until the first preallocation is\nmade.\n\nFix this by returning NULL from rxrpc_alloc_incoming_call() if there is no\nbacklog struct. This will cause the incoming call to be aborted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38514",
"url": "https://www.suse.com/security/cve/CVE-2025-38514"
},
{
"category": "external",
"summary": "SUSE Bug 1248202 for CVE-2025-38514",
"url": "https://bugzilla.suse.com/1248202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38514"
},
{
"cve": "CVE-2025-38524",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38524"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix recv-recv race of completed call\n\nIf a call receives an event (such as incoming data), the call gets placed\non the socket\u0027s queue and a thread in recvmsg can be awakened to go and\nprocess it. Once the thread has picked up the call off of the queue,\nfurther events will cause it to be requeued, and once the socket lock is\ndropped (recvmsg uses call-\u003euser_mutex to allow the socket to be used in\nparallel), a second thread can come in and its recvmsg can pop the call off\nthe socket queue again.\n\nIn such a case, the first thread will be receiving stuff from the call and\nthe second thread will be blocked on call-\u003euser_mutex. The first thread\ncan, at this point, process both the event that it picked call for and the\nevent that the second thread picked the call for and may see the call\nterminate - in which case the call will be \"released\", decoupling the call\nfrom the user call ID assigned to it (RXRPC_USER_CALL_ID in the control\nmessage).\n\nThe first thread will return okay, but then the second thread will wake up\nholding the user_mutex and, if it sees that the call has been released by\nthe first thread, it will BUG thusly:\n\n\tkernel BUG at net/rxrpc/recvmsg.c:474!\n\nFix this by just dequeuing the call and ignoring it if it is seen to be\nalready released. We can\u0027t tell userspace about it anyway as the user call\nID has become stale.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38524",
"url": "https://www.suse.com/security/cve/CVE-2025-38524"
},
{
"category": "external",
"summary": "SUSE Bug 1248194 for CVE-2025-38524",
"url": "https://bugzilla.suse.com/1248194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38524"
},
{
"cve": "CVE-2025-38526",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38526"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: add NULL check in eswitch lag check\n\nThe function ice_lag_is_switchdev_running() is being called from outside of\nthe LAG event handler code. This results in the lag-\u003eupper_netdev being\nNULL sometimes. To avoid a NULL-pointer dereference, there needs to be a\ncheck before it is dereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38526",
"url": "https://www.suse.com/security/cve/CVE-2025-38526"
},
{
"category": "external",
"summary": "SUSE Bug 1248192 for CVE-2025-38526",
"url": "https://bugzilla.suse.com/1248192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38526"
},
{
"cve": "CVE-2025-38527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38527"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in cifs_oplock_break\n\nA race condition can occur in cifs_oplock_break() leading to a\nuse-after-free of the cinode structure when unmounting:\n\n cifs_oplock_break()\n _cifsFileInfo_put(cfile)\n cifsFileInfo_put_final()\n cifs_sb_deactive()\n [last ref, start releasing sb]\n kill_sb()\n kill_anon_super()\n generic_shutdown_super()\n evict_inodes()\n dispose_list()\n evict()\n destroy_inode()\n call_rcu(\u0026inode-\u003ei_rcu, i_callback)\n spin_lock(\u0026cinode-\u003eopen_file_lock) \u003c- OK\n [later] i_callback()\n cifs_free_inode()\n kmem_cache_free(cinode)\n spin_unlock(\u0026cinode-\u003eopen_file_lock) \u003c- UAF\n cifs_done_oplock_break(cinode) \u003c- UAF\n\nThe issue occurs when umount has already released its reference to the\nsuperblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this\nreleases the last reference, triggering the immediate cleanup of all\ninodes under RCU. However, cifs_oplock_break() continues to access the\ncinode after this point, resulting in use-after-free.\n\nFix this by holding an extra reference to the superblock during the\nentire oplock break operation. This ensures that the superblock and\nits inodes remain valid until the oplock break completes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38527",
"url": "https://www.suse.com/security/cve/CVE-2025-38527"
},
{
"category": "external",
"summary": "SUSE Bug 1248199 for CVE-2025-38527",
"url": "https://bugzilla.suse.com/1248199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38527"
},
{
"cve": "CVE-2025-38528",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38528"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject %p% format string in bprintf-like helpers\n\nstatic const char fmt[] = \"%p%\";\n bpf_trace_printk(fmt, sizeof(fmt));\n\nThe above BPF program isn\u0027t rejected and causes a kernel warning at\nruntime:\n\n Please remove unsupported %\\x00 in format string\n WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0\n\nThis happens because bpf_bprintf_prepare skips over the second %,\ndetected as punctuation, while processing %p. This patch fixes it by\nnot skipping over punctuation. %\\x00 is then processed in the next\niteration and rejected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38528",
"url": "https://www.suse.com/security/cve/CVE-2025-38528"
},
{
"category": "external",
"summary": "SUSE Bug 1248198 for CVE-2025-38528",
"url": "https://bugzilla.suse.com/1248198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38528"
},
{
"cve": "CVE-2025-38531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38531"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: common: st_sensors: Fix use of uninitialize device structs\n\nThroughout the various probe functions \u0026indio_dev-\u003edev is used before it\nis initialized. This caused a kernel panic in st_sensors_power_enable()\nwhen the call to devm_regulator_bulk_get_enable() fails and then calls\ndev_err_probe() with the uninitialized device.\n\nThis seems to only cause a panic with dev_err_probe(), dev_err(),\ndev_warn() and dev_info() don\u0027t seem to cause a panic, but are fixed\nas well.\n\nThe issue is reported and traced here: [1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38531",
"url": "https://www.suse.com/security/cve/CVE-2025-38531"
},
{
"category": "external",
"summary": "SUSE Bug 1248205 for CVE-2025-38531",
"url": "https://bugzilla.suse.com/1248205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38531"
},
{
"cve": "CVE-2025-38533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38533"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: fix the using of Rx buffer DMA\n\nThe wx_rx_buffer structure contained two DMA address fields: \u0027dma\u0027 and\n\u0027page_dma\u0027. However, only \u0027page_dma\u0027 was actually initialized and used\nto program the Rx descriptor. But \u0027dma\u0027 was uninitialized and used in\nsome paths.\n\nThis could lead to undefined behavior, including DMA errors or\nuse-after-free, if the uninitialized \u0027dma\u0027 was used. Althrough such\nerror has not yet occurred, it is worth fixing in the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38533",
"url": "https://www.suse.com/security/cve/CVE-2025-38533"
},
{
"category": "external",
"summary": "SUSE Bug 1248200 for CVE-2025-38533",
"url": "https://bugzilla.suse.com/1248200"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38533"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38544"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix bug due to prealloc collision\n\nWhen userspace is using AF_RXRPC to provide a server, it has to preallocate\nincoming calls and assign to them call IDs that will be used to thread\nrelated recvmsg() and sendmsg() together. The preallocated call IDs will\nautomatically be attached to calls as they come in until the pool is empty.\n\nTo the kernel, the call IDs are just arbitrary numbers, but userspace can\nuse the call ID to hold a pointer to prepared structs. In any case, the\nuser isn\u0027t permitted to create two calls with the same call ID (call IDs\nbecome available again when the call ends) and EBADSLT should result from\nsendmsg() if an attempt is made to preallocate a call with an in-use call\nID.\n\nHowever, the cleanup in the error handling will trigger both assertions in\nrxrpc_cleanup_call() because the call isn\u0027t marked complete and isn\u0027t\nmarked as having been released.\n\nFix this by setting the call state in rxrpc_service_prealloc_one() and then\nmarking it as being released before calling the cleanup function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38544",
"url": "https://www.suse.com/security/cve/CVE-2025-38544"
},
{
"category": "external",
"summary": "SUSE Bug 1248225 for CVE-2025-38544",
"url": "https://bugzilla.suse.com/1248225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38544"
},
{
"cve": "CVE-2025-38545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info\n\nWhile transitioning from netdev_alloc_ip_align() to build_skb(), memory\nfor the \"skb_shared_info\" member of an \"skb\" was not allocated. Fix this\nby allocating \"PAGE_SIZE\" as the skb length, accounting for the packet\nlength, headroom and tailroom, thereby including the required memory space\nfor skb_shared_info.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38545",
"url": "https://www.suse.com/security/cve/CVE-2025-38545"
},
{
"category": "external",
"summary": "SUSE Bug 1248224 for CVE-2025-38545",
"url": "https://bugzilla.suse.com/1248224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38545"
},
{
"cve": "CVE-2025-38546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix memory leak of struct clip_vcc.\n\nioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to\nvcc-\u003euser_back.\n\nThe code assumes that vcc_destroy_socket() passes NULL skb\nto vcc-\u003epush() when the socket is close()d, and then clip_push()\nfrees clip_vcc.\n\nHowever, ioctl(ATMARPD_CTRL) sets NULL to vcc-\u003epush() in\natm_init_atmarp(), resulting in memory leak.\n\nLet\u0027s serialise two ioctl() by lock_sock() and check vcc-\u003epush()\nin atm_init_atmarp() to prevent memleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38546",
"url": "https://www.suse.com/security/cve/CVE-2025-38546"
},
{
"category": "external",
"summary": "SUSE Bug 1248223 for CVE-2025-38546",
"url": "https://bugzilla.suse.com/1248223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38546"
},
{
"cve": "CVE-2025-38549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38549"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths\n\nWhen processing mount options, efivarfs allocates efivarfs_fs_info (sfi)\nearly in fs_context initialization. However, sfi is associated with the\nsuperblock and typically freed when the superblock is destroyed. If the\nfs_context is released (final put) before fill_super is called-such as\non error paths or during reconfiguration-the sfi structure would leak,\nas ownership never transfers to the superblock.\n\nImplement the .free callback in efivarfs_context_ops to ensure any\nallocated sfi is properly freed if the fs_context is torn down before\nfill_super, preventing this memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38549",
"url": "https://www.suse.com/security/cve/CVE-2025-38549"
},
{
"category": "external",
"summary": "SUSE Bug 1248235 for CVE-2025-38549",
"url": "https://bugzilla.suse.com/1248235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38549"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Restrict conditions for adding duplicating netems to qdisc tree\n\nnetem_enqueue\u0027s duplication prevention logic breaks when a netem\nresides in a qdisc tree with other netems - this can lead to a\nsoft lockup and OOM loop in netem_dequeue, as seen in [1].\nEnsure that a duplicating netem cannot exist in a tree with other\nnetems.\n\nPrevious approaches suggested in discussions in chronological order:\n\n1) Track duplication status or ttl in the sk_buff struct. Considered\ntoo specific a use case to extend such a struct, though this would\nbe a resilient fix and address other previous and potential future\nDOS bugs like the one described in loopy fun [2].\n\n2) Restrict netem_enqueue recursion depth like in act_mirred with a\nper cpu variable. However, netem_dequeue can call enqueue on its\nchild, and the depth restriction could be bypassed if the child is a\nnetem.\n\n3) Use the same approach as in 2, but add metadata in netem_skb_cb\nto handle the netem_dequeue case and track a packet\u0027s involvement\nin duplication. This is an overly complex approach, and Jamal\nnotes that the skb cb can be overwritten to circumvent this\nsafeguard.\n\n4) Prevent the addition of a netem to a qdisc tree if its ancestral\npath contains a netem. However, filters and actions can cause a\npacket to change paths when re-enqueued to the root from netem\nduplication, leading us to the current solution: prevent a\nduplicating netem from inhabiting the same tree as other netems.\n\n[1] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/\n[2] https://lwn.net/Articles/719297/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38553",
"url": "https://www.suse.com/security/cve/CVE-2025-38553"
},
{
"category": "external",
"summary": "SUSE Bug 1248255 for CVE-2025-38553",
"url": "https://bugzilla.suse.com/1248255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38553"
},
{
"cve": "CVE-2025-38554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix a UAF when vma-\u003emm is freed after vma-\u003evm_refcnt got dropped\n\nBy inducing delays in the right places, Jann Horn created a reproducer for\na hard to hit UAF issue that became possible after VMAs were allowed to be\nrecycled by adding SLAB_TYPESAFE_BY_RCU to their cache.\n\nRace description is borrowed from Jann\u0027s discovery report:\nlock_vma_under_rcu() looks up a VMA locklessly with mas_walk() under\nrcu_read_lock(). At that point, the VMA may be concurrently freed, and it\ncan be recycled by another process. vma_start_read() then increments the\nvma-\u003evm_refcnt (if it is in an acceptable range), and if this succeeds,\nvma_start_read() can return a recycled VMA.\n\nIn this scenario where the VMA has been recycled, lock_vma_under_rcu()\nwill then detect the mismatching -\u003evm_mm pointer and drop the VMA through\nvma_end_read(), which calls vma_refcount_put(). vma_refcount_put() drops\nthe refcount and then calls rcuwait_wake_up() using a copy of vma-\u003evm_mm. \nThis is wrong: It implicitly assumes that the caller is keeping the VMA\u0027s\nmm alive, but in this scenario the caller has no relation to the VMA\u0027s mm,\nso the rcuwait_wake_up() can cause UAF.\n\nThe diagram depicting the race:\nT1 T2 T3\n== == ==\nlock_vma_under_rcu\n mas_walk\n \u003cVMA gets removed from mm\u003e\n mmap\n \u003cthe same VMA is reallocated\u003e\n vma_start_read\n __refcount_inc_not_zero_limited_acquire\n munmap\n __vma_enter_locked\n refcount_add_not_zero\n vma_end_read\n vma_refcount_put\n __refcount_dec_and_test\n rcuwait_wait_event\n \u003cfinish operation\u003e\n rcuwait_wake_up [UAF]\n\nNote that rcuwait_wait_event() in T3 does not block because refcount was\nalready dropped by T1. At this point T3 can exit and free the mm causing\nUAF in T1.\n\nTo avoid this we move vma-\u003evm_mm verification into vma_start_read() and\ngrab vma-\u003evm_mm to stabilize it before vma_refcount_put() operation.\n\n[surenb@google.com: v3]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38554",
"url": "https://www.suse.com/security/cve/CVE-2025-38554"
},
{
"category": "external",
"summary": "SUSE Bug 1248299 for CVE-2025-38554",
"url": "https://bugzilla.suse.com/1248299"
},
{
"category": "external",
"summary": "SUSE Bug 1248301 for CVE-2025-38554",
"url": "https://bugzilla.suse.com/1248301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38554"
},
{
"cve": "CVE-2025-38555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget : fix use-after-free in composite_dev_cleanup()\n\n1. In func configfs_composite_bind() -\u003e composite_os_desc_req_prepare():\nif kmalloc fails, the pointer cdev-\u003eos_desc_req will be freed but not\nset to NULL. Then it will return a failure to the upper-level function.\n2. in func configfs_composite_bind() -\u003e composite_dev_cleanup():\nit will checks whether cdev-\u003eos_desc_req is NULL. If it is not NULL, it\nwill attempt to use it.This will lead to a use-after-free issue.\n\nBUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0\nRead of size 8 at addr 0000004827837a00 by task init/1\n\nCPU: 10 PID: 1 Comm: init Tainted: G O 5.10.97-oh #1\n kasan_report+0x188/0x1cc\n __asan_load8+0xb4/0xbc\n composite_dev_cleanup+0xf4/0x2c0\n configfs_composite_bind+0x210/0x7ac\n udc_bind_to_driver+0xb4/0x1ec\n usb_gadget_probe_driver+0xec/0x21c\n gadget_dev_desc_UDC_store+0x264/0x27c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38555",
"url": "https://www.suse.com/security/cve/CVE-2025-38555"
},
{
"category": "external",
"summary": "SUSE Bug 1248297 for CVE-2025-38555",
"url": "https://bugzilla.suse.com/1248297"
},
{
"category": "external",
"summary": "SUSE Bug 1248298 for CVE-2025-38555",
"url": "https://bugzilla.suse.com/1248298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38555"
},
{
"cve": "CVE-2025-38556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Harden s32ton() against conversion to 0 bits\n\nTesting by the syzbot fuzzer showed that the HID core gets a\nshift-out-of-bounds exception when it tries to convert a 32-bit\nquantity to a 0-bit quantity. Ideally this should never occur, but\nthere are buggy devices and some might have a report field with size\nset to zero; we shouldn\u0027t reject the report or the device just because\nof that.\n\nInstead, harden the s32ton() routine so that it returns a reasonable\nresult instead of crashing when it is called with the number of bits\nset to 0 -- the same as what snto32() does.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38556",
"url": "https://www.suse.com/security/cve/CVE-2025-38556"
},
{
"category": "external",
"summary": "SUSE Bug 1248296 for CVE-2025-38556",
"url": "https://bugzilla.suse.com/1248296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38556"
},
{
"cve": "CVE-2025-38557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: apple: validate feature-report field count to prevent NULL pointer dereference\n\nA malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL\npointer dereference whilst the power feature-report is toggled and sent to\nthe device in apple_magic_backlight_report_set(). The power feature-report\nis expected to have two data fields, but if the descriptor declares one\nfield then accessing field[1] and dereferencing it in\napple_magic_backlight_report_set() becomes invalid\nsince field[1] will be NULL.\n\nAn example of a minimal descriptor which can cause the crash is something\nlike the following where the report with ID 3 (power report) only\nreferences a single 1-byte field. When hid core parses the descriptor it\nwill encounter the final feature tag, allocate a hid_report (all members\nof field[] will be zeroed out), create field structure and populate it,\nincreasing the maxfield to 1. The subsequent field[1] access and\ndereference causes the crash.\n\n Usage Page (Vendor Defined 0xFF00)\n Usage (0x0F)\n Collection (Application)\n Report ID (1)\n Usage (0x01)\n Logical Minimum (0)\n Logical Maximum (255)\n Report Size (8)\n Report Count (1)\n Feature (Data,Var,Abs)\n\n Usage (0x02)\n Logical Maximum (32767)\n Report Size (16)\n Report Count (1)\n Feature (Data,Var,Abs)\n\n Report ID (3)\n Usage (0x03)\n Logical Minimum (0)\n Logical Maximum (1)\n Report Size (8)\n Report Count (1)\n Feature (Data,Var,Abs)\n End Collection\n\nHere we see the KASAN splat when the kernel dereferences the\nNULL pointer and crashes:\n\n [ 15.164723] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI\n [ 15.165691] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n [ 15.165691] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0 #31 PREEMPT(voluntary)\n [ 15.165691] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n [ 15.165691] RIP: 0010:apple_magic_backlight_report_set+0xbf/0x210\n [ 15.165691] Call Trace:\n [ 15.165691] \u003cTASK\u003e\n [ 15.165691] apple_probe+0x571/0xa20\n [ 15.165691] hid_device_probe+0x2e2/0x6f0\n [ 15.165691] really_probe+0x1ca/0x5c0\n [ 15.165691] __driver_probe_device+0x24f/0x310\n [ 15.165691] driver_probe_device+0x4a/0xd0\n [ 15.165691] __device_attach_driver+0x169/0x220\n [ 15.165691] bus_for_each_drv+0x118/0x1b0\n [ 15.165691] __device_attach+0x1d5/0x380\n [ 15.165691] device_initial_probe+0x12/0x20\n [ 15.165691] bus_probe_device+0x13d/0x180\n [ 15.165691] device_add+0xd87/0x1510\n [...]\n\nTo fix this issue we should validate the number of fields that the\nbacklight and power reports have and if they do not have the required\nnumber of fields then bail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38557",
"url": "https://www.suse.com/security/cve/CVE-2025-38557"
},
{
"category": "external",
"summary": "SUSE Bug 1248304 for CVE-2025-38557",
"url": "https://bugzilla.suse.com/1248304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38557"
},
{
"cve": "CVE-2025-38559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/intel/pmt: fix a crashlog NULL pointer access\n\nUsage of the intel_pmt_read() for binary sysfs, requires a pcidev. The\ncurrent use of the endpoint value is only valid for telemetry endpoint\nusage.\n\nWithout the ep, the crashlog usage causes the following NULL pointer\nexception:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nOops: Oops: 0000 [#1] SMP NOPTI\nRIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]\nCode:\nCall Trace:\n \u003cTASK\u003e\n ? sysfs_kf_bin_read+0xc0/0xe0\n kernfs_fop_read_iter+0xac/0x1a0\n vfs_read+0x26d/0x350\n ksys_read+0x6b/0xe0\n __x64_sys_read+0x1d/0x30\n x64_sys_call+0x1bc8/0x1d70\n do_syscall_64+0x6d/0x110\n\nAugment struct intel_pmt_entry with a pointer to the pcidev to avoid\nthe NULL pointer exception.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38559",
"url": "https://www.suse.com/security/cve/CVE-2025-38559"
},
{
"category": "external",
"summary": "SUSE Bug 1248302 for CVE-2025-38559",
"url": "https://bugzilla.suse.com/1248302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38559"
},
{
"cve": "CVE-2025-38560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Evict cache lines during SNP memory validation\n\nAn SNP cache coherency vulnerability requires a cache line eviction\nmitigation when validating memory after a page state change to private.\nThe specific mitigation is to touch the first and last byte of each 4K\npage that is being validated. There is no need to perform the mitigation\nwhen performing a page state change to shared and rescinding validation.\n\nCPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit\nthat, when set, indicates that the software mitigation for this\nvulnerability is not needed.\n\nImplement the mitigation and invoke it when validating memory (making it\nprivate) and the COHERENCY_SFW_NO bit is not set, indicating the SNP\nguest is vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38560",
"url": "https://www.suse.com/security/cve/CVE-2025-38560"
},
{
"category": "external",
"summary": "SUSE Bug 1248312 for CVE-2025-38560",
"url": "https://bugzilla.suse.com/1248312"
},
{
"category": "external",
"summary": "SUSE Bug 1248313 for CVE-2025-38560",
"url": "https://bugzilla.suse.com/1248313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38560"
},
{
"cve": "CVE-2025-38563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Prevent VMA split of buffer mappings\n\nThe perf mmap code is careful about mmap()\u0027ing the user page with the\nringbuffer and additionally the auxiliary buffer, when the event supports\nit. Once the first mapping is established, subsequent mapping have to use\nthe same offset and the same size in both cases. The reference counting for\nthe ringbuffer and the auxiliary buffer depends on this being correct.\n\nThough perf does not prevent that a related mapping is split via mmap(2),\nmunmap(2) or mremap(2). A split of a VMA results in perf_mmap_open() calls,\nwhich take reference counts, but then the subsequent perf_mmap_close()\ncalls are not longer fulfilling the offset and size checks. This leads to\nreference count leaks.\n\nAs perf already has the requirement for subsequent mappings to match the\ninitial mapping, the obvious consequence is that VMA splits, caused by\nresizing of a mapping or partial unmapping, have to be prevented.\n\nImplement the vm_operations_struct::may_split() callback and return\nunconditionally -EINVAL.\n\nThat ensures that the mapping offsets and sizes cannot be changed after the\nfact. Remapping to a different fixed address with the same size is still\npossible as it takes the references for the new mapping and drops those of\nthe old mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38563",
"url": "https://www.suse.com/security/cve/CVE-2025-38563"
},
{
"category": "external",
"summary": "SUSE Bug 1248306 for CVE-2025-38563",
"url": "https://bugzilla.suse.com/1248306"
},
{
"category": "external",
"summary": "SUSE Bug 1248307 for CVE-2025-38563",
"url": "https://bugzilla.suse.com/1248307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38563"
},
{
"cve": "CVE-2025-38564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38564"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Handle buffer mapping fail correctly in perf_mmap()\n\nAfter successful allocation of a buffer or a successful attachment to an\nexisting buffer perf_mmap() tries to map the buffer read only into the page\ntable. If that fails, the already set up page table entries are zapped, but\nthe other perf specific side effects of that failure are not handled. The\ncalling code just cleans up the VMA and does not invoke perf_mmap_close().\n\nThis leaks reference counts, corrupts user-\u003evm accounting and also results\nin an unbalanced invocation of event::event_mapped().\n\nCure this by moving the event::event_mapped() invocation before the\nmap_range() call so that on map_range() failure perf_mmap_close() can be\ninvoked without causing an unbalanced event::event_unmapped() call.\n\nperf_mmap_close() undoes the reference counts and eventually frees buffers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38564",
"url": "https://www.suse.com/security/cve/CVE-2025-38564"
},
{
"category": "external",
"summary": "SUSE Bug 1248367 for CVE-2025-38564",
"url": "https://bugzilla.suse.com/1248367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38564"
},
{
"cve": "CVE-2025-38565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38565"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Exit early on perf_mmap() fail\n\nWhen perf_mmap() fails to allocate a buffer, it still invokes the\nevent_mapped() callback of the related event. On X86 this might increase\nthe perf_rdpmc_allowed reference counter. But nothing undoes this as\nperf_mmap_close() is never called in this case, which causes another\nreference count leak.\n\nReturn early on failure to prevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38565",
"url": "https://www.suse.com/security/cve/CVE-2025-38565"
},
{
"category": "external",
"summary": "SUSE Bug 1248377 for CVE-2025-38565",
"url": "https://bugzilla.suse.com/1248377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38565"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: mqprio: fix stack out-of-bounds write in tc entry parsing\n\nTCA_MQPRIO_TC_ENTRY_INDEX is validated using\nNLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value\nTC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack\nwrite in the fp[] array, which only has room for 16 elements (0-15).\n\nFix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38568",
"url": "https://www.suse.com/security/cve/CVE-2025-38568"
},
{
"category": "external",
"summary": "SUSE Bug 1248386 for CVE-2025-38568",
"url": "https://bugzilla.suse.com/1248386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38568"
},
{
"cve": "CVE-2025-38571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix client side handling of tls alerts\n\nA security exploit was discovered in NFS over TLS in tls_alert_recv\ndue to its assumption that there is valid data in the msghdr\u0027s\niterator\u0027s kvec.\n\nInstead, this patch proposes the rework how control messages are\nsetup and used by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a kvec\nbacked control buffer and read in the control message such as a TLS\nalert. Scott found that a msg iterator can advance the kvec pointer\nas a part of the copy process thus we need to revert the iterator\nbefore calling into the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38571",
"url": "https://www.suse.com/security/cve/CVE-2025-38571"
},
{
"category": "external",
"summary": "SUSE Bug 1248401 for CVE-2025-38571",
"url": "https://bugzilla.suse.com/1248401"
},
{
"category": "external",
"summary": "SUSE Bug 1248402 for CVE-2025-38571",
"url": "https://bugzilla.suse.com/1248402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38571"
},
{
"cve": "CVE-2025-38572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: reject malicious packets in ipv6_gso_segment()\n\nsyzbot was able to craft a packet with very long IPv6 extension headers\nleading to an overflow of skb-\u003etransport_header.\n\nThis 16bit field has a limited range.\n\nAdd skb_reset_transport_header_careful() helper and use it\nfrom ipv6_gso_segment()\n\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nModules linked in:\nCPU: 0 UID: 0 PID: 5871 Comm: syz-executor211 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\n RIP: 0010:ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nCall Trace:\n \u003cTASK\u003e\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n nsh_gso_segment+0x54a/0xe10 net/nsh/nsh.c:110\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n __skb_gso_segment+0x342/0x510 net/core/gso.c:124\n skb_gso_segment include/net/gso.h:83 [inline]\n validate_xmit_skb+0x857/0x11b0 net/core/dev.c:3950\n validate_xmit_skb_list+0x84/0x120 net/core/dev.c:4000\n sch_direct_xmit+0xd3/0x4b0 net/sched/sch_generic.c:329\n __dev_xmit_skb net/core/dev.c:4102 [inline]\n __dev_queue_xmit+0x17b6/0x3a70 net/core/dev.c:4679",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38572",
"url": "https://www.suse.com/security/cve/CVE-2025-38572"
},
{
"category": "external",
"summary": "SUSE Bug 1248399 for CVE-2025-38572",
"url": "https://bugzilla.suse.com/1248399"
},
{
"category": "external",
"summary": "SUSE Bug 1248400 for CVE-2025-38572",
"url": "https://bugzilla.suse.com/1248400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38572"
},
{
"cve": "CVE-2025-38573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38573"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cs42l43: Property entry should be a null-terminated array\n\nThe software node does not specify a count of property entries, so the\narray must be null-terminated.\n\nWhen unterminated, this can lead to a fault in the downstream cs35l56\namplifier driver, because the node parse walks off the end of the\narray into unknown memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38573",
"url": "https://www.suse.com/security/cve/CVE-2025-38573"
},
{
"category": "external",
"summary": "SUSE Bug 1248396 for CVE-2025-38573",
"url": "https://bugzilla.suse.com/1248396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38573"
},
{
"cve": "CVE-2025-38574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npptp: ensure minimal skb length in pptp_xmit()\n\nCommit aabc6596ffb3 (\"net: ppp: Add bound checking for skb data\non ppp_sync_txmung\") fixed ppp_sync_txmunge()\n\nWe need a similar fix in pptp_xmit(), otherwise we might\nread uninit data as reported by syzbot.\n\nBUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193\n pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [inline]\n ppp_input+0x1d6/0xe60 drivers/net/ppp/ppp_generic.c:2314\n pppoe_rcv_core+0x1e8/0x760 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n pppoe_sendmsg+0x15d/0xcb0 drivers/net/ppp/pppoe.c:904\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n ____sys_sendmsg+0x893/0xd80 net/socket.c:2566\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2709",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38574",
"url": "https://www.suse.com/security/cve/CVE-2025-38574"
},
{
"category": "external",
"summary": "SUSE Bug 1248365 for CVE-2025-38574",
"url": "https://bugzilla.suse.com/1248365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38574"
},
{
"cve": "CVE-2025-38576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38576"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: Make EEH driver device hotplug safe\n\nMultiple race conditions existed between the PCIe hotplug driver and the\nEEH driver, leading to a variety of kernel oopses of the same general\nnature:\n\n\u003cpcie device unplug\u003e\n\u003ceeh driver trigger\u003e\n\u003chotplug removal trigger\u003e\n\u003cpcie tree reconfiguration\u003e\n\u003ceeh recovery next step\u003e\n\u003coops in EEH driver bus iteration loop\u003e\n\nA second class of oops is also seen when the underlying bus disappears\nduring device recovery.\n\nRefactor the EEH module to be PCI rescan and remove safe. Also clean\nup a few minor formatting / readability issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38576",
"url": "https://www.suse.com/security/cve/CVE-2025-38576"
},
{
"category": "external",
"summary": "SUSE Bug 1248354 for CVE-2025-38576",
"url": "https://bugzilla.suse.com/1248354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38576"
},
{
"cve": "CVE-2025-38581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix crash when rebind ccp device for ccp.ko\n\nWhen CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding\nthe ccp device causes the following crash:\n\n$ echo \u00270000:0a:00.2\u0027 \u003e /sys/bus/pci/drivers/ccp/unbind\n$ echo \u00270000:0a:00.2\u0027 \u003e /sys/bus/pci/drivers/ccp/bind\n\n[ 204.976930] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 204.978026] #PF: supervisor write access in kernel mode\n[ 204.979126] #PF: error_code(0x0002) - not-present page\n[ 204.980226] PGD 0 P4D 0\n[ 204.981317] Oops: Oops: 0002 [#1] SMP NOPTI\n...\n[ 204.997852] Call Trace:\n[ 204.999074] \u003cTASK\u003e\n[ 205.000297] start_creating+0x9f/0x1c0\n[ 205.001533] debugfs_create_dir+0x1f/0x170\n[ 205.002769] ? srso_return_thunk+0x5/0x5f\n[ 205.004000] ccp5_debugfs_setup+0x87/0x170 [ccp]\n[ 205.005241] ccp5_init+0x8b2/0x960 [ccp]\n[ 205.006469] ccp_dev_init+0xd4/0x150 [ccp]\n[ 205.007709] sp_init+0x5f/0x80 [ccp]\n[ 205.008942] sp_pci_probe+0x283/0x2e0 [ccp]\n[ 205.010165] ? srso_return_thunk+0x5/0x5f\n[ 205.011376] local_pci_probe+0x4f/0xb0\n[ 205.012584] pci_device_probe+0xdb/0x230\n[ 205.013810] really_probe+0xed/0x380\n[ 205.015024] __driver_probe_device+0x7e/0x160\n[ 205.016240] device_driver_attach+0x2f/0x60\n[ 205.017457] bind_store+0x7c/0xb0\n[ 205.018663] drv_attr_store+0x28/0x40\n[ 205.019868] sysfs_kf_write+0x5f/0x70\n[ 205.021065] kernfs_fop_write_iter+0x145/0x1d0\n[ 205.022267] vfs_write+0x308/0x440\n[ 205.023453] ksys_write+0x6d/0xe0\n[ 205.024616] __x64_sys_write+0x1e/0x30\n[ 205.025778] x64_sys_call+0x16ba/0x2150\n[ 205.026942] do_syscall_64+0x56/0x1e0\n[ 205.028108] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 205.029276] RIP: 0033:0x7fbc36f10104\n[ 205.030420] Code: 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8d 05 e1 08 2e 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 f3 c3 66 90 41 54 55 49 89 d4 53 48 89 f5\n\nThis patch sets ccp_debugfs_dir to NULL after destroying it in\nccp5_debugfs_destroy, allowing the directory dentry to be\nrecreated when rebinding the ccp device.\n\nTested on AMD Ryzen 7 1700X.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38581",
"url": "https://www.suse.com/security/cve/CVE-2025-38581"
},
{
"category": "external",
"summary": "SUSE Bug 1248345 for CVE-2025-38581",
"url": "https://bugzilla.suse.com/1248345"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38581"
},
{
"cve": "CVE-2025-38582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38582"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix double destruction of rsv_qp\n\nrsv_qp may be double destroyed in error flow, first in free_mr_init(),\nand then in hns_roce_exit(). Fix it by moving the free_mr_init() call\ninto hns_roce_v2_init().\n\nlist_del corruption, ffff589732eb9b50-\u003enext is LIST_POISON1 (dead000000000100)\nWARNING: CPU: 8 PID: 1047115 at lib/list_debug.c:53 __list_del_entry_valid+0x148/0x240\n...\nCall trace:\n __list_del_entry_valid+0x148/0x240\n hns_roce_qp_remove+0x4c/0x3f0 [hns_roce_hw_v2]\n hns_roce_v2_destroy_qp_common+0x1dc/0x5f4 [hns_roce_hw_v2]\n hns_roce_v2_destroy_qp+0x22c/0x46c [hns_roce_hw_v2]\n free_mr_exit+0x6c/0x120 [hns_roce_hw_v2]\n hns_roce_v2_exit+0x170/0x200 [hns_roce_hw_v2]\n hns_roce_exit+0x118/0x350 [hns_roce_hw_v2]\n __hns_roce_hw_v2_init_instance+0x1c8/0x304 [hns_roce_hw_v2]\n hns_roce_hw_v2_reset_notify_init+0x170/0x21c [hns_roce_hw_v2]\n hns_roce_hw_v2_reset_notify+0x6c/0x190 [hns_roce_hw_v2]\n hclge_notify_roce_client+0x6c/0x160 [hclge]\n hclge_reset_rebuild+0x150/0x5c0 [hclge]\n hclge_reset+0x10c/0x140 [hclge]\n hclge_reset_subtask+0x80/0x104 [hclge]\n hclge_reset_service_task+0x168/0x3ac [hclge]\n hclge_service_task+0x50/0x100 [hclge]\n process_one_work+0x250/0x9a0\n worker_thread+0x324/0x990\n kthread+0x190/0x210\n ret_from_fork+0x10/0x18",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38582",
"url": "https://www.suse.com/security/cve/CVE-2025-38582"
},
{
"category": "external",
"summary": "SUSE Bug 1248349 for CVE-2025-38582",
"url": "https://bugzilla.suse.com/1248349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38582"
},
{
"cve": "CVE-2025-38583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: xilinx: vcu: unregister pll_post only if registered correctly\n\nIf registration of pll_post is failed, it will be set to NULL or ERR,\nunregistering same will fail with following call trace:\n\nUnable to handle kernel NULL pointer dereference at virtual address 008\npc : clk_hw_unregister+0xc/0x20\nlr : clk_hw_unregister_fixed_factor+0x18/0x30\nsp : ffff800011923850\n...\nCall trace:\n clk_hw_unregister+0xc/0x20\n clk_hw_unregister_fixed_factor+0x18/0x30\n xvcu_unregister_clock_provider+0xcc/0xf4 [xlnx_vcu]\n xvcu_probe+0x2bc/0x53c [xlnx_vcu]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38583",
"url": "https://www.suse.com/security/cve/CVE-2025-38583"
},
{
"category": "external",
"summary": "SUSE Bug 1248350 for CVE-2025-38583",
"url": "https://bugzilla.suse.com/1248350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38583"
},
{
"cve": "CVE-2025-38584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38584"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix pd UAF once and for all\n\nThere is a race condition/UAF in padata_reorder that goes back\nto the initial commit. A reference count is taken at the start\nof the process in padata_do_parallel, and released at the end in\npadata_serial_worker.\n\nThis reference count is (and only is) required for padata_replace\nto function correctly. If padata_replace is never called then\nthere is no issue.\n\nIn the function padata_reorder which serves as the core of padata,\nas soon as padata is added to queue-\u003eserial.list, and the associated\nspin lock released, that padata may be processed and the reference\ncount on pd would go away.\n\nFix this by getting the next padata before the squeue-\u003eserial lock\nis released.\n\nIn order to make this possible, simplify padata_reorder by only\ncalling it once the next padata arrives.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38584",
"url": "https://www.suse.com/security/cve/CVE-2025-38584"
},
{
"category": "external",
"summary": "SUSE Bug 1248343 for CVE-2025-38584",
"url": "https://bugzilla.suse.com/1248343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38584"
},
{
"cve": "CVE-2025-38585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()\n\nWhen gmin_get_config_var() calls efi.get_variable() and the EFI variable\nis larger than the expected buffer size, two behaviors combine to create\na stack buffer overflow:\n\n1. gmin_get_config_var() does not return the proper error code when\n efi.get_variable() fails. It returns the stale \u0027ret\u0027 value from\n earlier operations instead of indicating the EFI failure.\n\n2. When efi.get_variable() returns EFI_BUFFER_TOO_SMALL, it updates\n *out_len to the required buffer size but writes no data to the output\n buffer. However, due to bug #1, gmin_get_var_int() believes the call\n succeeded.\n\nThe caller gmin_get_var_int() then performs:\n- Allocates val[CFG_VAR_NAME_MAX + 1] (65 bytes) on stack\n- Calls gmin_get_config_var(dev, is_gmin, var, val, \u0026len) with len=64\n- If EFI variable is \u003e64 bytes, efi.get_variable() sets len=required_size\n- Due to bug #1, thinks call succeeded with len=required_size\n- Executes val[len] = 0, writing past end of 65-byte stack buffer\n\nThis creates a stack buffer overflow when EFI variables are larger than\n64 bytes. Since EFI variables can be controlled by firmware or system\nconfiguration, this could potentially be exploited for code execution.\n\nFix the bug by returning proper error codes from gmin_get_config_var()\nbased on EFI status instead of stale \u0027ret\u0027 value.\n\nThe gmin_get_var_int() function is called during device initialization\nfor camera sensor configuration on Intel Bay Trail and Cherry Trail\nplatforms using the atomisp camera stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38585",
"url": "https://www.suse.com/security/cve/CVE-2025-38585"
},
{
"category": "external",
"summary": "SUSE Bug 1248355 for CVE-2025-38585",
"url": "https://bugzilla.suse.com/1248355"
},
{
"category": "external",
"summary": "SUSE Bug 1248671 for CVE-2025-38585",
"url": "https://bugzilla.suse.com/1248671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38585"
},
{
"cve": "CVE-2025-38586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38586"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix fp initialization for exception boundary\n\nIn the ARM64 BPF JIT when prog-\u003eaux-\u003eexception_boundary is set for a BPF\nprogram, find_used_callee_regs() is not called because for a program\nacting as exception boundary, all callee saved registers are saved.\nfind_used_callee_regs() sets `ctx-\u003efp_used = true;` when it sees FP\nbeing used in any of the instructions.\n\nFor programs acting as exception boundary, ctx-\u003efp_used remains false\neven if frame pointer is used by the program and therefore, FP is not\nset-up for such programs in the prologue. This can cause the kernel to\ncrash due to a pagefault.\n\nFix it by setting ctx-\u003efp_used = true for exception boundary programs as\nfp is always saved in such programs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38586",
"url": "https://www.suse.com/security/cve/CVE-2025-38586"
},
{
"category": "external",
"summary": "SUSE Bug 1248359 for CVE-2025-38586",
"url": "https://bugzilla.suse.com/1248359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38586"
},
{
"cve": "CVE-2025-38587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38587"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible infinite loop in fib6_info_uses_dev()\n\nfib6_info_uses_dev() seems to rely on RCU without an explicit\nprotection.\n\nLike the prior fix in rt6_nlmsg_size(),\nwe need to make sure fib6_del_route() or fib6_add_rt2node()\nhave not removed the anchor from the list, or we risk an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38587",
"url": "https://www.suse.com/security/cve/CVE-2025-38587"
},
{
"category": "external",
"summary": "SUSE Bug 1248361 for CVE-2025-38587",
"url": "https://bugzilla.suse.com/1248361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38587"
},
{
"cve": "CVE-2025-38588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent infinite loop in rt6_nlmsg_size()\n\nWhile testing prior patch, I was able to trigger\nan infinite loop in rt6_nlmsg_size() in the following place:\n\nlist_for_each_entry_rcu(sibling, \u0026f6i-\u003efib6_siblings,\n\t\t\tfib6_siblings) {\n\trt6_nh_nlmsg_size(sibling-\u003efib6_nh, \u0026nexthop_len);\n}\n\nThis is because fib6_del_route() and fib6_add_rt2node()\nuses list_del_rcu(), which can confuse rcu readers,\nbecause they might no longer see the head of the list.\n\nRestart the loop if f6i-\u003efib6_nsiblings is zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38588",
"url": "https://www.suse.com/security/cve/CVE-2025-38588"
},
{
"category": "external",
"summary": "SUSE Bug 1248368 for CVE-2025-38588",
"url": "https://bugzilla.suse.com/1248368"
},
{
"category": "external",
"summary": "SUSE Bug 1249241 for CVE-2025-38588",
"url": "https://bugzilla.suse.com/1249241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38588"
},
{
"cve": "CVE-2025-38591",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38591"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject narrower access to pointer ctx fields\n\nThe following BPF program, simplified from a syzkaller repro, causes a\nkernel warning:\n\n r0 = *(u8 *)(r1 + 169);\n exit;\n\nWith pointer field sk being at offset 168 in __sk_buff. This access is\ndetected as a narrower read in bpf_skb_is_valid_access because it\ndoesn\u0027t match offsetof(struct __sk_buff, sk). It is therefore allowed\nand later proceeds to bpf_convert_ctx_access. Note that for the\n\"is_narrower_load\" case in the convert_ctx_accesses(), the insn-\u003eoff\nis aligned, so the cnt may not be 0 because it matches the\noffsetof(struct __sk_buff, sk) in the bpf_convert_ctx_access. However,\nthe target_size stays 0 and the verifier errors with a kernel warning:\n\n verifier bug: error during ctx access conversion(1)\n\nThis patch fixes that to return a proper \"invalid bpf_context access\noff=X size=Y\" error on the load instruction.\n\nThe same issue affects multiple other fields in context structures that\nallow narrow access. Some other non-affected fields (for sk_msg,\nsk_lookup, and sockopt) were also changed to use bpf_ctx_range_ptr for\nconsistency.\n\nNote this syzkaller crash was reported in the \"Closes\" link below, which\nused to be about a different bug, fixed in\ncommit fce7bd8e385a (\"bpf/verifier: Handle BPF_LOAD_ACQ instructions\nin insn_def_regno()\"). Because syzbot somehow confused the two bugs,\nthe new crash and repro didn\u0027t get reported to the mailing list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38591",
"url": "https://www.suse.com/security/cve/CVE-2025-38591"
},
{
"category": "external",
"summary": "SUSE Bug 1248363 for CVE-2025-38591",
"url": "https://bugzilla.suse.com/1248363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38591"
},
{
"cve": "CVE-2025-38593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: fix double free in \u0027hci_discovery_filter_clear()\u0027\n\nFunction \u0027hci_discovery_filter_clear()\u0027 frees \u0027uuids\u0027 array and then\nsets it to NULL. There is a tiny chance of the following race:\n\n\u0027hci_cmd_sync_work()\u0027\n\n \u0027update_passive_scan_sync()\u0027\n\n \u0027hci_update_passive_scan_sync()\u0027\n\n \u0027hci_discovery_filter_clear()\u0027\n kfree(uuids);\n\n \u003c-------------------------preempted--------------------------------\u003e\n \u0027start_service_discovery()\u0027\n\n \u0027hci_discovery_filter_clear()\u0027\n kfree(uuids); // DOUBLE FREE\n\n \u003c-------------------------preempted--------------------------------\u003e\n\n uuids = NULL;\n\nTo fix it let\u0027s add locking around \u0027kfree()\u0027 call and NULL pointer\nassignment. Otherwise the following backtrace fires:\n\n[ ] ------------[ cut here ]------------\n[ ] kernel BUG at mm/slub.c:547!\n[ ] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n[ ] CPU: 3 UID: 0 PID: 246 Comm: bluetoothd Tainted: G O 6.12.19-kernel #1\n[ ] Tainted: [O]=OOT_MODULE\n[ ] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ ] pc : __slab_free+0xf8/0x348\n[ ] lr : __slab_free+0x48/0x348\n...\n[ ] Call trace:\n[ ] __slab_free+0xf8/0x348\n[ ] kfree+0x164/0x27c\n[ ] start_service_discovery+0x1d0/0x2c0\n[ ] hci_sock_sendmsg+0x518/0x924\n[ ] __sock_sendmsg+0x54/0x60\n[ ] sock_write_iter+0x98/0xf8\n[ ] do_iter_readv_writev+0xe4/0x1c8\n[ ] vfs_writev+0x128/0x2b0\n[ ] do_writev+0xfc/0x118\n[ ] __arm64_sys_writev+0x20/0x2c\n[ ] invoke_syscall+0x68/0xf0\n[ ] el0_svc_common.constprop.0+0x40/0xe0\n[ ] do_el0_svc+0x1c/0x28\n[ ] el0_svc+0x30/0xd0\n[ ] el0t_64_sync_handler+0x100/0x12c\n[ ] el0t_64_sync+0x194/0x198\n[ ] Code: 8b0002e6 eb17031f 54fffbe1 d503201f (d4210000)\n[ ] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38593",
"url": "https://www.suse.com/security/cve/CVE-2025-38593"
},
{
"category": "external",
"summary": "SUSE Bug 1248357 for CVE-2025-38593",
"url": "https://bugzilla.suse.com/1248357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38593"
},
{
"cve": "CVE-2025-38595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38595"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: fix UAF in dmabuf_exp_from_pages()\n\n[dma_buf_fd() fixes; no preferences regarding the tree it goes through -\nup to xen folks]\n\nAs soon as we\u0027d inserted a file reference into descriptor table, another\nthread could close it. That\u0027s fine for the case when all we are doing is\nreturning that descriptor to userland (it\u0027s a race, but it\u0027s a userland\nrace and there\u0027s nothing the kernel can do about it). However, if we\nfollow fd_install() with any kind of access to objects that would be\ndestroyed on close (be it the struct file itself or anything destroyed\nby its -\u003erelease()), we have a UAF.\n\ndma_buf_fd() is a combination of reserving a descriptor and fd_install().\ngntdev dmabuf_exp_from_pages() calls it and then proceeds to access the\nobjects destroyed on close - starting with gntdev_dmabuf itself.\n\nFix that by doing reserving descriptor before anything else and do\nfd_install() only when everything had been set up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38595",
"url": "https://www.suse.com/security/cve/CVE-2025-38595"
},
{
"category": "external",
"summary": "SUSE Bug 1248380 for CVE-2025-38595",
"url": "https://bugzilla.suse.com/1248380"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38595"
},
{
"cve": "CVE-2025-38597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port\n\nEach window of a vop2 is usable by a specific set of video ports, so while\nbinding the vop2, we look through the list of available windows trying to\nfind one designated as primary-plane and usable by that specific port.\n\nThe code later wants to use drm_crtc_init_with_planes with that found\nprimary plane, but nothing has checked so far if a primary plane was\nactually found.\n\nFor whatever reason, the rk3576 vp2 does not have a usable primary window\n(if vp0 is also in use) which brought the issue to light and ended in a\nnull-pointer dereference further down.\n\nAs we expect a primary-plane to exist for a video-port, add a check at\nthe end of the window-iteration and fail probing if none was found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38597",
"url": "https://www.suse.com/security/cve/CVE-2025-38597"
},
{
"category": "external",
"summary": "SUSE Bug 1248378 for CVE-2025-38597",
"url": "https://bugzilla.suse.com/1248378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38597"
},
{
"cve": "CVE-2025-38601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: clear initialized flag for deinit-ed srng lists\n\nIn a number of cases we see kernel panics on resume due\nto ath11k kernel page fault, which happens under the\nfollowing circumstances:\n\n1) First ath11k_hal_dump_srng_stats() call\n\n Last interrupt received for each group:\n ath11k_pci 0000:01:00.0: group_id 0 22511ms before\n ath11k_pci 0000:01:00.0: group_id 1 14440788ms before\n [..]\n ath11k_pci 0000:01:00.0: failed to receive control response completion, polling..\n ath11k_pci 0000:01:00.0: Service connect timeout\n ath11k_pci 0000:01:00.0: failed to connect to HTT: -110\n ath11k_pci 0000:01:00.0: failed to start core: -110\n ath11k_pci 0000:01:00.0: firmware crashed: MHI_CB_EE_RDDM\n ath11k_pci 0000:01:00.0: already resetting count 2\n ath11k_pci 0000:01:00.0: failed to wait wlan mode request (mode 4): -110\n ath11k_pci 0000:01:00.0: qmi failed to send wlan mode off: -110\n ath11k_pci 0000:01:00.0: failed to reconfigure driver on crash recovery\n [..]\n\n2) At this point reconfiguration fails (we have 2 resets) and\n ath11k_core_reconfigure_on_crash() calls ath11k_hal_srng_deinit()\n which destroys srng lists. However, it does not reset per-list\n -\u003einitialized flag.\n\n3) Second ath11k_hal_dump_srng_stats() call sees stale -\u003einitialized\n flag and attempts to dump srng stats:\n\n Last interrupt received for each group:\n ath11k_pci 0000:01:00.0: group_id 0 66785ms before\n ath11k_pci 0000:01:00.0: group_id 1 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 2 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 3 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 4 14780845ms before\n ath11k_pci 0000:01:00.0: group_id 5 14780845ms before\n ath11k_pci 0000:01:00.0: group_id 6 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 7 66814ms before\n ath11k_pci 0000:01:00.0: group_id 8 68997ms before\n ath11k_pci 0000:01:00.0: group_id 9 67588ms before\n ath11k_pci 0000:01:00.0: group_id 10 69511ms before\n BUG: unable to handle page fault for address: ffffa007404eb010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 100000067 P4D 100000067 PUD 10022d067 PMD 100b01067 PTE 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n RIP: 0010:ath11k_hal_dump_srng_stats+0x2b4/0x3b0 [ath11k]\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0xae/0xb0\n ? page_fault_oops+0x381/0x3e0\n ? exc_page_fault+0x69/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? ath11k_hal_dump_srng_stats+0x2b4/0x3b0 [ath11k (HASH:6cea 4)]\n ath11k_qmi_driver_event_work+0xbd/0x1050 [ath11k (HASH:6cea 4)]\n worker_thread+0x389/0x930\n kthread+0x149/0x170\n\nClear per-list -\u003einitialized flag in ath11k_hal_srng_deinit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38601",
"url": "https://www.suse.com/security/cve/CVE-2025-38601"
},
{
"category": "external",
"summary": "SUSE Bug 1248340 for CVE-2025-38601",
"url": "https://bugzilla.suse.com/1248340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38601"
},
{
"cve": "CVE-2025-38602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: Add missing check for alloc_ordered_workqueue\n\nAdd check for the return value of alloc_ordered_workqueue since it may\nreturn NULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38602",
"url": "https://www.suse.com/security/cve/CVE-2025-38602"
},
{
"category": "external",
"summary": "SUSE Bug 1248341 for CVE-2025-38602",
"url": "https://bugzilla.suse.com/1248341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38602"
},
{
"cve": "CVE-2025-38604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38604"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: Kill URBs before clearing tx status queue\n\nIn rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing\nb_tx_status.queue. This change prevents callbacks from using already freed\nskb due to anchor was not killed before freeing such skb.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000080\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Not tainted 6.15.0 #8 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n RIP: 0010:ieee80211_tx_status_irqsafe+0x21/0xc0 [mac80211]\n Call Trace:\n \u003cIRQ\u003e\n rtl8187_tx_cb+0x116/0x150 [rtl8187]\n __usb_hcd_giveback_urb+0x9d/0x120\n usb_giveback_urb_bh+0xbb/0x140\n process_one_work+0x19b/0x3c0\n bh_worker+0x1a7/0x210\n tasklet_action+0x10/0x30\n handle_softirqs+0xf0/0x340\n __irq_exit_rcu+0xcd/0xf0\n common_interrupt+0x85/0xa0\n \u003c/IRQ\u003e\n\nTested on RTL8187BvE device.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38604",
"url": "https://www.suse.com/security/cve/CVE-2025-38604"
},
{
"category": "external",
"summary": "SUSE Bug 1248333 for CVE-2025-38604",
"url": "https://bugzilla.suse.com/1248333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38604"
},
{
"cve": "CVE-2025-38605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()\n\nIn ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to\nretrieve the ab pointer. In vdev delete sequence the arvif-\u003ear could\nbecome NULL and that would trigger kernel panic.\nSince the caller ath12k_dp_tx() already has a valid ab pointer, pass it\ndirectly to avoid panic and unnecessary dereferencing.\n\nPC points to \"ath12k_dp_tx+0x228/0x988 [ath12k]\"\nLR points to \"ath12k_dp_tx+0xc8/0x988 [ath12k]\".\nThe Backtrace obtained is as follows:\nath12k_dp_tx+0x228/0x988 [ath12k]\nath12k_mac_tx_check_max_limit+0x608/0x920 [ath12k]\nieee80211_process_measurement_req+0x320/0x348 [mac80211]\nieee80211_tx_dequeue+0x9ac/0x1518 [mac80211]\nieee80211_tx_dequeue+0xb14/0x1518 [mac80211]\nieee80211_tx_prepare_skb+0x224/0x254 [mac80211]\nieee80211_xmit+0xec/0x100 [mac80211]\n__ieee80211_subif_start_xmit+0xc50/0xf40 [mac80211]\nieee80211_subif_start_xmit+0x2e8/0x308 [mac80211]\nnetdev_start_xmit+0x150/0x18c\ndev_hard_start_xmit+0x74/0xc0\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38605",
"url": "https://www.suse.com/security/cve/CVE-2025-38605"
},
{
"category": "external",
"summary": "SUSE Bug 1248334 for CVE-2025-38605",
"url": "https://bugzilla.suse.com/1248334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38605"
},
{
"cve": "CVE-2025-38608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38608"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls\n\nWhen sending plaintext data, we initially calculated the corresponding\nciphertext length. However, if we later reduced the plaintext data length\nvia socket policy, we failed to recalculate the ciphertext length.\n\nThis results in transmitting buffers containing uninitialized data during\nciphertext transmission.\n\nThis causes uninitialized bytes to be appended after a complete\n\"Application Data\" packet, leading to errors on the receiving end when\nparsing TLS record.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38608",
"url": "https://www.suse.com/security/cve/CVE-2025-38608"
},
{
"category": "external",
"summary": "SUSE Bug 1248338 for CVE-2025-38608",
"url": "https://bugzilla.suse.com/1248338"
},
{
"category": "external",
"summary": "SUSE Bug 1248670 for CVE-2025-38608",
"url": "https://bugzilla.suse.com/1248670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38608"
},
{
"cve": "CVE-2025-38609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38609"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Check governor before using governor-\u003ename\n\nCommit 96ffcdf239de (\"PM / devfreq: Remove redundant governor_name from\nstruct devfreq\") removes governor_name and uses governor-\u003ename to replace\nit. But devfreq-\u003egovernor may be NULL and directly using\ndevfreq-\u003egovernor-\u003ename may cause null pointer exception. Move the check of\ngovernor to before using governor-\u003ename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38609",
"url": "https://www.suse.com/security/cve/CVE-2025-38609"
},
{
"category": "external",
"summary": "SUSE Bug 1248337 for CVE-2025-38609",
"url": "https://bugzilla.suse.com/1248337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38609"
},
{
"cve": "CVE-2025-38610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38610"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()\n\nThe get_pd_power_uw() function can crash with a NULL pointer dereference\nwhen em_cpu_get() returns NULL. This occurs when a CPU becomes impossible\nduring runtime, causing get_cpu_device() to return NULL, which propagates\nthrough em_cpu_get() and leads to a crash when em_span_cpus() dereferences\nthe NULL pointer.\n\nAdd a NULL check after em_cpu_get() and return 0 if unavailable,\nmatching the existing fallback behavior in __dtpm_cpu_setup().\n\n[ rjw: Drop an excess empty code line ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38610",
"url": "https://www.suse.com/security/cve/CVE-2025-38610"
},
{
"category": "external",
"summary": "SUSE Bug 1248395 for CVE-2025-38610",
"url": "https://bugzilla.suse.com/1248395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38610"
},
{
"cve": "CVE-2025-38612",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38612"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()\n\nIn the error paths after fb_info structure is successfully allocated,\nthe memory allocated in fb_deferred_io_init() for info-\u003epagerefs is not\nfreed. Fix that by adding the cleanup function on the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38612",
"url": "https://www.suse.com/security/cve/CVE-2025-38612"
},
{
"category": "external",
"summary": "SUSE Bug 1248390 for CVE-2025-38612",
"url": "https://bugzilla.suse.com/1248390"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38612"
},
{
"cve": "CVE-2025-38614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38614"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: Fix semi-unbounded recursion\n\nEnsure that epoll instances can never form a graph deeper than\nEP_MAX_NESTS+1 links.\n\nCurrently, ep_loop_check_proc() ensures that the graph is loop-free and\ndoes some recursion depth checks, but those recursion depth checks don\u0027t\nlimit the depth of the resulting tree for two reasons:\n\n - They don\u0027t look upwards in the tree.\n - If there are multiple downwards paths of different lengths, only one of\n the paths is actually considered for the depth check since commit\n 28d82dc1c4ed (\"epoll: limit paths\").\n\nEssentially, the current recursion depth check in ep_loop_check_proc() just\nserves to prevent it from recursing too deeply while checking for loops.\n\nA more thorough check is done in reverse_path_check() after the new graph\nedge has already been created; this checks, among other things, that no\npaths going upwards from any non-epoll file with a length of more than 5\nedges exist. However, this check does not apply to non-epoll files.\n\nAs a result, it is possible to recurse to a depth of at least roughly 500,\ntested on v6.15. (I am unsure if deeper recursion is possible; and this may\nhave changed with commit 8c44dac8add7 (\"eventpoll: Fix priority inversion\nproblem\").)\n\nTo fix it:\n\n1. In ep_loop_check_proc(), note the subtree depth of each visited node,\nand use subtree depths for the total depth calculation even when a subtree\nhas already been visited.\n2. Add ep_get_upwards_depth_proc() for similarly determining the maximum\ndepth of an upwards walk.\n3. In ep_loop_check(), use these values to limit the total path length\nbetween epoll nodes to EP_MAX_NESTS edges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38614",
"url": "https://www.suse.com/security/cve/CVE-2025-38614"
},
{
"category": "external",
"summary": "SUSE Bug 1248392 for CVE-2025-38614",
"url": "https://bugzilla.suse.com/1248392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38614"
},
{
"cve": "CVE-2025-38616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: handle data disappearing from under the TLS ULP\n\nTLS expects that it owns the receive queue of the TCP socket.\nThis cannot be guaranteed in case the reader of the TCP socket\nentered before the TLS ULP was installed, or uses some non-standard\nread API (eg. zerocopy ones). Replace the WARN_ON() and a buggy\nearly exit (which leaves anchor pointing to a freed skb) with real\nerror handling. Wipe the parsing state and tell the reader to retry.\n\nWe already reload the anchor every time we (re)acquire the socket lock,\nso the only condition we need to avoid is an out of bounds read\n(not having enough bytes in the socket for previously parsed record len).\n\nIf some data was read from under TLS but there\u0027s enough in the queue\nwe\u0027ll reload and decrypt what is most likely not a valid TLS record.\nLeading to some undefined behavior from TLS perspective (corrupting\na stream? missing an alert? missing an attack?) but no kernel crash\nshould take place.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38616",
"url": "https://www.suse.com/security/cve/CVE-2025-38616"
},
{
"category": "external",
"summary": "SUSE Bug 1248512 for CVE-2025-38616",
"url": "https://bugzilla.suse.com/1248512"
},
{
"category": "external",
"summary": "SUSE Bug 1249537 for CVE-2025-38616",
"url": "https://bugzilla.suse.com/1249537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38616"
},
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ti: j721e-csi2rx: fix list_del corruption\n\nIf ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the buffer is\nmarked done with VB2_BUF_STATE_ERROR but is not removed from the DMA queue.\nThis causes the same buffer to be retried in the next iteration, resulting\nin a double list_del() and eventual list corruption.\n\nFix this by removing the buffer from the queue before calling\nvb2_buffer_done() on error.\n\nThis resolves a crash due to list_del corruption:\n[ 37.811243] j721e-csi2rx 30102000.ticsi2rx: Failed to queue the next buffer for DMA\n[ 37.832187] slab kmalloc-2k start ffff00000255b000 pointer offset 1064 size 2048\n[ 37.839761] list_del corruption. next-\u003eprev should be ffff00000255bc28, but was ffff00000255d428. (next=ffff00000255b428)\n[ 37.850799] ------------[ cut here ]------------\n[ 37.855424] kernel BUG at lib/list_debug.c:65!\n[ 37.859876] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 37.866061] Modules linked in: i2c_dev usb_f_rndis u_ether libcomposite dwc3 udc_core usb_common aes_ce_blk aes_ce_cipher ghash_ce gf128mul sha1_ce cpufreq_dt dwc3_am62 phy_gmii_sel sa2ul\n[ 37.882830] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc3+ #28 VOLUNTARY\n[ 37.890851] Hardware name: Bosch STLA-GSRV2-B0 (DT)\n[ 37.895737] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 37.902703] pc : __list_del_entry_valid_or_report+0xdc/0x114\n[ 37.908390] lr : __list_del_entry_valid_or_report+0xdc/0x114\n[ 37.914059] sp : ffff800080003db0\n[ 37.917375] x29: ffff800080003db0 x28: 0000000000000007 x27: ffff800080e50000\n[ 37.924521] x26: 0000000000000000 x25: ffff0000016abb50 x24: dead000000000122\n[ 37.931666] x23: ffff0000016abb78 x22: ffff0000016ab080 x21: ffff800080003de0\n[ 37.938810] x20: ffff00000255bc00 x19: ffff00000255b800 x18: 000000000000000a\n[ 37.945956] x17: 20747562202c3832 x16: 6362353532303030 x15: 0720072007200720\n[ 37.953101] x14: 0720072007200720 x13: 0720072007200720 x12: 00000000ffffffea\n[ 37.960248] x11: ffff800080003b18 x10: 00000000ffffefff x9 : ffff800080f5b568\n[ 37.967396] x8 : ffff800080f5b5c0 x7 : 0000000000017fe8 x6 : c0000000ffffefff\n[ 37.974542] x5 : ffff00000fea6688 x4 : 0000000000000000 x3 : 0000000000000000\n[ 37.981686] x2 : 0000000000000000 x1 : ffff800080ef2b40 x0 : 000000000000006d\n[ 37.988832] Call trace:\n[ 37.991281] __list_del_entry_valid_or_report+0xdc/0x114 (P)\n[ 37.996959] ti_csi2rx_dma_callback+0x84/0x1c4\n[ 38.001419] udma_vchan_complete+0x1e0/0x344\n[ 38.005705] tasklet_action_common+0x118/0x310\n[ 38.010163] tasklet_action+0x30/0x3c\n[ 38.013832] handle_softirqs+0x10c/0x2e0\n[ 38.017761] __do_softirq+0x14/0x20\n[ 38.021256] ____do_softirq+0x10/0x20\n[ 38.024931] call_on_irq_stack+0x24/0x60\n[ 38.028873] do_softirq_own_stack+0x1c/0x40\n[ 38.033064] __irq_exit_rcu+0x130/0x15c\n[ 38.036909] irq_exit_rcu+0x10/0x20\n[ 38.040403] el1_interrupt+0x38/0x60\n[ 38.043987] el1h_64_irq_handler+0x18/0x24\n[ 38.048091] el1h_64_irq+0x6c/0x70\n[ 38.051501] default_idle_call+0x34/0xe0 (P)\n[ 38.055783] do_idle+0x1f8/0x250\n[ 38.059021] cpu_startup_entry+0x34/0x3c\n[ 38.062951] rest_init+0xb4/0xc0\n[ 38.066186] console_on_rootfs+0x0/0x6c\n[ 38.070031] __primary_switched+0x88/0x90\n[ 38.074059] Code: b00037e0 91378000 f9400462 97e9bf49 (d4210000)\n[ 38.080168] ---[ end trace 0000000000000000 ]---\n[ 38.084795] Kernel panic - not syncing: Oops - BUG: Fatal exception in interrupt\n[ 38.092197] SMP: stopping secondary CPUs\n[ 38.096139] Kernel Offset: disabled\n[ 38.099631] CPU features: 0x0000,00002000,02000801,0400420b\n[ 38.105202] Memory Limit: none\n[ 38.108260] ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception in interrupt ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38619",
"url": "https://www.suse.com/security/cve/CVE-2025-38619"
},
{
"category": "external",
"summary": "SUSE Bug 1248664 for CVE-2025-38619",
"url": "https://bugzilla.suse.com/1248664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38619"
},
{
"cve": "CVE-2025-38621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: make rdev_addable usable for rcu mode\n\nOur testcase trigger panic:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000e0\n...\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ #94\nPREEMPT(none)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nWorkqueue: md_misc md_start_sync\nRIP: 0010:rdev_addable+0x4d/0xf0\n...\nCall Trace:\n \u003cTASK\u003e\n md_start_sync+0x329/0x480\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x14d/0x180\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nModules linked in: raid10\nCR2: 00000000000000e0\n---[ end trace 0000000000000000 ]---\nRIP: 0010:rdev_addable+0x4d/0xf0\n\nmd_spares_need_change in md_start_sync will call rdev_addable which\nprotected by rcu_read_lock/rcu_read_unlock. This rcu context will help\nprotect rdev won\u0027t be released, but rdev-\u003emddev will be set to NULL\nbefore we call synchronize_rcu in md_kick_rdev_from_array. Fix this by\nusing READ_ONCE and check does rdev-\u003emddev still alive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38621",
"url": "https://www.suse.com/security/cve/CVE-2025-38621"
},
{
"category": "external",
"summary": "SUSE Bug 1248609 for CVE-2025-38621",
"url": "https://bugzilla.suse.com/1248609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38621"
},
{
"cve": "CVE-2025-38622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: drop UFO packets in udp_rcv_segment()\n\nWhen sending a packet with virtio_net_hdr to tun device, if the gso_type\nin virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdr\nsize, below crash may happen.\n\n ------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:4572!\n Oops: invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 0 UID: 0 PID: 62 Comm: mytest Not tainted 6.16.0-rc7 #203 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:skb_pull_rcsum+0x8e/0xa0\n Code: 00 00 5b c3 cc cc cc cc 8b 93 88 00 00 00 f7 da e8 37 44 38 00 f7 d8 89 83 88 00 00 00 48 8b 83 c8 00 00 00 5b c3 cc cc cc cc \u003c0f\u003e 0b 0f 0b 66 66 2e 0f 1f 84 00 000\n RSP: 0018:ffffc900001fba38 EFLAGS: 00000297\n RAX: 0000000000000004 RBX: ffff8880040c1000 RCX: ffffc900001fb948\n RDX: ffff888003e6d700 RSI: 0000000000000008 RDI: ffff88800411a062\n RBP: ffff8880040c1000 R08: 0000000000000000 R09: 0000000000000001\n R10: ffff888003606c00 R11: 0000000000000001 R12: 0000000000000000\n R13: ffff888004060900 R14: ffff888004050000 R15: ffff888004060900\n FS: 000000002406d3c0(0000) GS:ffff888084a19000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020000040 CR3: 0000000004007000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n udp_queue_rcv_one_skb+0x176/0x4b0 net/ipv4/udp.c:2445\n udp_queue_rcv_skb+0x155/0x1f0 net/ipv4/udp.c:2475\n udp_unicast_rcv_skb+0x71/0x90 net/ipv4/udp.c:2626\n __udp4_lib_rcv+0x433/0xb00 net/ipv4/udp.c:2690\n ip_protocol_deliver_rcu+0xa6/0x160 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x72/0x90 net/ipv4/ip_input.c:233\n ip_sublist_rcv_finish+0x5f/0x70 net/ipv4/ip_input.c:579\n ip_sublist_rcv+0x122/0x1b0 net/ipv4/ip_input.c:636\n ip_list_rcv+0xf7/0x130 net/ipv4/ip_input.c:670\n __netif_receive_skb_list_core+0x21d/0x240 net/core/dev.c:6067\n netif_receive_skb_list_internal+0x186/0x2b0 net/core/dev.c:6210\n napi_complete_done+0x78/0x180 net/core/dev.c:6580\n tun_get_user+0xa63/0x1120 drivers/net/tun.c:1909\n tun_chr_write_iter+0x65/0xb0 drivers/net/tun.c:1984\n vfs_write+0x300/0x420 fs/read_write.c:593\n ksys_write+0x60/0xd0 fs/read_write.c:686\n do_syscall_64+0x50/0x1c0 arch/x86/entry/syscall_64.c:63\n \u003c/TASK\u003e\n\nTo trigger gso segment in udp_queue_rcv_skb(), we should also set option\nUDP_ENCAP_ESPINUDP to enable udp_sk(sk)-\u003eencap_rcv. When the encap_rcv\nhook return 1 in udp_queue_rcv_one_skb(), udp_csum_pull_header() will try\nto pull udphdr, but the skb size has been segmented to gso size, which\nleads to this crash.\n\nPrevious commit cf329aa42b66 (\"udp: cope with UDP GRO packet misdirection\")\nintroduces segmentation in UDP receive path only for GRO, which was never\nintended to be used for UFO, so drop UFO packets in udp_rcv_segment().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38622",
"url": "https://www.suse.com/security/cve/CVE-2025-38622"
},
{
"category": "external",
"summary": "SUSE Bug 1248619 for CVE-2025-38622",
"url": "https://bugzilla.suse.com/1248619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38622"
},
{
"cve": "CVE-2025-38623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38623"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pnv_php: Fix surprise plug detection and recovery\n\nThe existing PowerNV hotplug code did not handle surprise plug events\ncorrectly, leading to a complete failure of the hotplug system after device\nremoval and a required reboot to detect new devices.\n\nThis comes down to two issues:\n\n 1) When a device is surprise removed, often the bridge upstream\n port will cause a PE freeze on the PHB. If this freeze is not\n cleared, the MSI interrupts from the bridge hotplug notification\n logic will not be received by the kernel, stalling all plug events\n on all slots associated with the PE.\n\n 2) When a device is removed from a slot, regardless of surprise or\n programmatic removal, the associated PHB/PE ls left frozen.\n If this freeze is not cleared via a fundamental reset, skiboot\n is unable to clear the freeze and cannot retrain / rescan the\n slot. This also requires a reboot to clear the freeze and redetect\n the device in the slot.\n\nIssue the appropriate unfreeze and rescan commands on hotplug events,\nand don\u0027t oops on hotplug if pci_bus_to_OF_node() returns NULL.\n\n[bhelgaas: tidy comments]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38623",
"url": "https://www.suse.com/security/cve/CVE-2025-38623"
},
{
"category": "external",
"summary": "SUSE Bug 1248610 for CVE-2025-38623",
"url": "https://bugzilla.suse.com/1248610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-38623"
},
{
"cve": "CVE-2025-38624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38624"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pnv_php: Clean up allocated IRQs on unplug\n\nWhen the root of a nested PCIe bridge configuration is unplugged, the\npnv_php driver leaked the allocated IRQ resources for the child bridges\u0027\nhotplug event notifications, resulting in a panic.\n\nFix this by walking all child buses and deallocating all its IRQ resources\nbefore calling pci_hp_remove_devices().\n\nAlso modify the lifetime of the workqueue at struct pnv_php_slot::wq so\nthat it is only destroyed in pnv_php_free_slot(), instead of\npnv_php_disable_irq(). This is required since pnv_php_disable_irq() will\nnow be called by workers triggered by hot unplug interrupts, so the\nworkqueue needs to stay allocated.\n\nThe abridged kernel panic that occurs without this patch is as follows:\n\n WARNING: CPU: 0 PID: 687 at kernel/irq/msi.c:292 msi_device_data_release+0x6c/0x9c\n CPU: 0 UID: 0 PID: 687 Comm: bash Not tainted 6.14.0-rc5+ #2\n Call Trace:\n msi_device_data_release+0x34/0x9c (unreliable)\n release_nodes+0x64/0x13c\n devres_release_all+0xc0/0x140\n device_del+0x2d4/0x46c\n pci_destroy_dev+0x5c/0x194\n pci_hp_remove_devices+0x90/0x128\n pci_hp_remove_devices+0x44/0x128\n pnv_php_disable_slot+0x54/0xd4\n power_write_file+0xf8/0x18c\n pci_slot_attr_store+0x40/0x5c\n sysfs_kf_write+0x64/0x78\n kernfs_fop_write_iter+0x1b0/0x290\n vfs_write+0x3bc/0x50c\n ksys_write+0x84/0x140\n system_call_exception+0x124/0x230\n system_call_vectored_common+0x15c/0x2ec\n\n[bhelgaas: tidy comments]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38624",
"url": "https://www.suse.com/security/cve/CVE-2025-38624"
},
{
"category": "external",
"summary": "SUSE Bug 1248617 for CVE-2025-38624",
"url": "https://bugzilla.suse.com/1248617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38624"
},
{
"cve": "CVE-2025-38628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38628"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: Fix release of uninitialized resources on error path\n\nThe commit in the fixes tag made sure that mlx5_vdpa_free()\nis the single entrypoint for removing the vdpa device resources\nadded in mlx5_vdpa_dev_add(), even in the cleanup path of\nmlx5_vdpa_dev_add().\n\nThis means that all functions from mlx5_vdpa_free() should be able to\nhandle uninitialized resources. This was not the case though:\nmlx5_vdpa_destroy_mr_resources() and mlx5_cmd_cleanup_async_ctx()\nwere not able to do so. This caused the splat below when adding\na vdpa device without a MAC address.\n\nThis patch fixes these remaining issues:\n\n- Makes mlx5_vdpa_destroy_mr_resources() return early if called on\n uninitialized resources.\n\n- Moves mlx5_cmd_init_async_ctx() early on during device addition\n because it can\u0027t fail. This means that mlx5_cmd_cleanup_async_ctx()\n also can\u0027t fail. To mirror this, move the call site of\n mlx5_cmd_cleanup_async_ctx() in mlx5_vdpa_free().\n\nAn additional comment was added in mlx5_vdpa_free() to document\nthe expectations of functions called from this context.\n\nSplat:\n\n mlx5_core 0000:b5:03.2: mlx5_vdpa_dev_add:3950:(pid 2306) warning: No mac address provisioned?\n ------------[ cut here ]------------\n WARNING: CPU: 13 PID: 2306 at kernel/workqueue.c:4207 __flush_work+0x9a/0xb0\n [...]\n Call Trace:\n \u003cTASK\u003e\n ? __try_to_del_timer_sync+0x61/0x90\n ? __timer_delete_sync+0x2b/0x40\n mlx5_vdpa_destroy_mr_resources+0x1c/0x40 [mlx5_vdpa]\n mlx5_vdpa_free+0x45/0x160 [mlx5_vdpa]\n vdpa_release_dev+0x1e/0x50 [vdpa]\n device_release+0x31/0x90\n kobject_cleanup+0x37/0x130\n mlx5_vdpa_dev_add+0x327/0x890 [mlx5_vdpa]\n vdpa_nl_cmd_dev_add_set_doit+0x2c1/0x4d0 [vdpa]\n genl_family_rcv_msg_doit+0xd8/0x130\n genl_family_rcv_msg+0x14b/0x220\n ? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa]\n genl_rcv_msg+0x47/0xa0\n ? __pfx_genl_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x53/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x27b/0x3b0\n netlink_sendmsg+0x1f7/0x430\n __sys_sendto+0x1fa/0x210\n ? ___pte_offset_map+0x17/0x160\n ? next_uptodate_folio+0x85/0x2b0\n ? percpu_counter_add_batch+0x51/0x90\n ? filemap_map_pages+0x515/0x660\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x7b/0x2c0\n ? do_read_fault+0x108/0x220\n ? do_pte_missing+0x14a/0x3e0\n ? __handle_mm_fault+0x321/0x730\n ? count_memcg_events+0x13f/0x180\n ? handle_mm_fault+0x1fb/0x2d0\n ? do_user_addr_fault+0x20c/0x700\n ? syscall_exit_work+0x104/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f0c25b0feca\n [...]\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38628",
"url": "https://www.suse.com/security/cve/CVE-2025-38628"
},
{
"category": "external",
"summary": "SUSE Bug 1248616 for CVE-2025-38628",
"url": "https://bugzilla.suse.com/1248616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38628"
},
{
"cve": "CVE-2025-38630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38630"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref\n\nfb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot\nallocate a struct fb_modelist. If that happens, the modelist stays empty but\nthe driver continues to register. Add a check for its return value to prevent\npoteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 (\"fbdev:\nFix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38630",
"url": "https://www.suse.com/security/cve/CVE-2025-38630"
},
{
"category": "external",
"summary": "SUSE Bug 1248575 for CVE-2025-38630",
"url": "https://bugzilla.suse.com/1248575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38630"
},
{
"cve": "CVE-2025-38631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx95-blk-ctl: Fix synchronous abort\n\nWhen enabling runtime PM for clock suppliers that also belong to a power\ndomain, the following crash is thrown:\nerror: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\nWorkqueue: events_unbound deferred_probe_work_func\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : clk_mux_get_parent+0x60/0x90\nlr : clk_core_reparent_orphans_nolock+0x58/0xd8\n Call trace:\n clk_mux_get_parent+0x60/0x90\n clk_core_reparent_orphans_nolock+0x58/0xd8\n of_clk_add_hw_provider.part.0+0x90/0x100\n of_clk_add_hw_provider+0x1c/0x38\n imx95_bc_probe+0x2e0/0x3f0\n platform_probe+0x70/0xd8\n\nEnabling runtime PM without explicitly resuming the device caused\nthe power domain cut off after clk_register() is called. As a result,\na crash happens when the clock hardware provider is added and attempts\nto access the BLK_CTL register.\n\nFix this by using devm_pm_runtime_enable() instead of pm_runtime_enable()\nand getting rid of the pm_runtime_disable() in the cleanup path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38631",
"url": "https://www.suse.com/security/cve/CVE-2025-38631"
},
{
"category": "external",
"summary": "SUSE Bug 1248662 for CVE-2025-38631",
"url": "https://bugzilla.suse.com/1248662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38631"
},
{
"cve": "CVE-2025-38632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinmux: fix race causing mux_owner NULL with active mux_usecount\n\ncommit 5a3e85c3c397 (\"pinmux: Use sequential access to access\ndesc-\u003epinmux data\") tried to address the issue when two client of the\nsame gpio calls pinctrl_select_state() for the same functionality, was\nresulting in NULL pointer issue while accessing desc-\u003emux_owner.\nHowever, issue was not completely fixed due to the way it was handled\nand it can still result in the same NULL pointer.\n\nThe issue occurs due to the following interleaving:\n\n cpu0 (process A) cpu1 (process B)\n\n pin_request() { pin_free() {\n\n mutex_lock()\n desc-\u003emux_usecount--; //becomes 0\n ..\n mutex_unlock()\n\n mutex_lock(desc-\u003emux)\n desc-\u003emux_usecount++; // becomes 1\n desc-\u003emux_owner = owner;\n mutex_unlock(desc-\u003emux)\n\n mutex_lock(desc-\u003emux)\n desc-\u003emux_owner = NULL;\n mutex_unlock(desc-\u003emux)\n\nThis sequence leads to a state where the pin appears to be in use\n(`mux_usecount == 1`) but has no owner (`mux_owner == NULL`), which can\ncause NULL pointer on next pin_request on the same pin.\n\nEnsure that updates to mux_usecount and mux_owner are performed\natomically under the same lock. Only clear mux_owner when mux_usecount\nreaches zero and no new owner has been assigned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38632",
"url": "https://www.suse.com/security/cve/CVE-2025-38632"
},
{
"category": "external",
"summary": "SUSE Bug 1248669 for CVE-2025-38632",
"url": "https://bugzilla.suse.com/1248669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38632"
},
{
"cve": "CVE-2025-38634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: cpcap-charger: Fix null check for power_supply_get_by_name\n\nIn the cpcap_usb_detect() function, the power_supply_get_by_name()\nfunction may return `NULL` instead of an error pointer.\nTo prevent potential null pointer dereferences, Added a null check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38634",
"url": "https://www.suse.com/security/cve/CVE-2025-38634"
},
{
"category": "external",
"summary": "SUSE Bug 1248666 for CVE-2025-38634",
"url": "https://bugzilla.suse.com/1248666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38634"
},
{
"cve": "CVE-2025-38635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: davinci: Add NULL check in davinci_lpsc_clk_register()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\ndavinci_lpsc_clk_register() does not check for this case, which results\nin a NULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue and ensuring\nno resources are left allocated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38635",
"url": "https://www.suse.com/security/cve/CVE-2025-38635"
},
{
"category": "external",
"summary": "SUSE Bug 1248573 for CVE-2025-38635",
"url": "https://bugzilla.suse.com/1248573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38635"
},
{
"cve": "CVE-2025-38639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_nfacct: don\u0027t assume acct name is null-terminated\n\nBUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721\nRead of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851\n[..]\n string+0x231/0x2b0 lib/vsprintf.c:721\n vsnprintf+0x739/0xf00 lib/vsprintf.c:2874\n [..]\n nfacct_mt_checkentry+0xd2/0xe0 net/netfilter/xt_nfacct.c:41\n xt_check_match+0x3d1/0xab0 net/netfilter/x_tables.c:523\n\nnfnl_acct_find_get() handles non-null input, but the error\nprintk relied on its presence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38639",
"url": "https://www.suse.com/security/cve/CVE-2025-38639"
},
{
"category": "external",
"summary": "SUSE Bug 1248674 for CVE-2025-38639",
"url": "https://bugzilla.suse.com/1248674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38639"
},
{
"cve": "CVE-2025-38640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Disable migration in nf_hook_run_bpf().\n\nsyzbot reported that the netfilter bpf prog can be called without\nmigration disabled in xmit path.\n\nThen the assertion in __bpf_prog_run() fails, triggering the splat\nbelow. [0]\n\nLet\u0027s use bpf_prog_run_pin_on_cpu() in nf_hook_run_bpf().\n\n[0]:\nBUG: assuming non migratable context at ./include/linux/filter.h:703\nin_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 5829, name: sshd-session\n3 locks held by sshd-session/5829:\n #0: ffff88807b4e4218 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]\n #0: ffff88807b4e4218 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x20/0x50 net/ipv4/tcp.c:1395\n #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]\n #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]\n #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: __ip_queue_xmit+0x69/0x26c0 net/ipv4/ip_output.c:470\n #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]\n #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]\n #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: nf_hook+0xb2/0x680 include/linux/netfilter.h:241\nCPU: 0 UID: 0 PID: 5829 Comm: sshd-session Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120\n __cant_migrate kernel/sched/core.c:8860 [inline]\n __cant_migrate+0x1c7/0x250 kernel/sched/core.c:8834\n __bpf_prog_run include/linux/filter.h:703 [inline]\n bpf_prog_run include/linux/filter.h:725 [inline]\n nf_hook_run_bpf+0x83/0x1e0 net/netfilter/nf_bpf_link.c:20\n nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:623\n nf_hook+0x370/0x680 include/linux/netfilter.h:272\n NF_HOOK_COND include/linux/netfilter.h:305 [inline]\n ip_output+0x1bc/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:459 [inline]\n ip_local_out net/ipv4/ip_output.c:129 [inline]\n __ip_queue_xmit+0x1d7d/0x26c0 net/ipv4/ip_output.c:527\n __tcp_transmit_skb+0x2686/0x3e90 net/ipv4/tcp_output.c:1479\n tcp_transmit_skb net/ipv4/tcp_output.c:1497 [inline]\n tcp_write_xmit+0x1274/0x84e0 net/ipv4/tcp_output.c:2838\n __tcp_push_pending_frames+0xaf/0x390 net/ipv4/tcp_output.c:3021\n tcp_push+0x225/0x700 net/ipv4/tcp.c:759\n tcp_sendmsg_locked+0x1870/0x42b0 net/ipv4/tcp.c:1359\n tcp_sendmsg+0x2e/0x50 net/ipv4/tcp.c:1396\n inet_sendmsg+0xb9/0x140 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x4aa/0x5b0 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x6c7/0x1150 fs/read_write.c:686\n ksys_write+0x1f8/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe7d365d407\nCode: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\nRSP:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38640",
"url": "https://www.suse.com/security/cve/CVE-2025-38640"
},
{
"category": "external",
"summary": "SUSE Bug 1248622 for CVE-2025-38640",
"url": "https://bugzilla.suse.com/1248622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38640"
},
{
"cve": "CVE-2025-38643",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38643"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()\n\nCallers of wdev_chandef() must hold the wiphy mutex.\n\nBut the worker cfg80211_propagate_cac_done_wk() never takes the lock.\nWhich triggers the warning below with the mesh_peer_connected_dfs\ntest from hostapd and not (yet) released mac80211 code changes:\n\nWARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdev_chandef+0x60/0x165\nModules linked in:\nCPU: 0 UID: 0 PID: 495 Comm: kworker/u4:2 Not tainted 6.14.0-rc5-wt-g03960e6f9d47 #33 13c287eeabfe1efea01c0bcc863723ab082e17cf\nWorkqueue: cfg80211 cfg80211_propagate_cac_done_wk\nStack:\n 00000000 00000001 ffffff00 6093267c\n 00000000 6002ec30 6d577c50 60037608\n 00000000 67e8d108 6063717b 00000000\nCall Trace:\n [\u003c6002ec30\u003e] ? _printk+0x0/0x98\n [\u003c6003c2b3\u003e] show_stack+0x10e/0x11a\n [\u003c6002ec30\u003e] ? _printk+0x0/0x98\n [\u003c60037608\u003e] dump_stack_lvl+0x71/0xb8\n [\u003c6063717b\u003e] ? wdev_chandef+0x60/0x165\n [\u003c6003766d\u003e] dump_stack+0x1e/0x20\n [\u003c6005d1b7\u003e] __warn+0x101/0x20f\n [\u003c6005d3a8\u003e] warn_slowpath_fmt+0xe3/0x15d\n [\u003c600b0c5c\u003e] ? mark_lock.part.0+0x0/0x4ec\n [\u003c60751191\u003e] ? __this_cpu_preempt_check+0x0/0x16\n [\u003c600b11a2\u003e] ? mark_held_locks+0x5a/0x6e\n [\u003c6005d2c5\u003e] ? warn_slowpath_fmt+0x0/0x15d\n [\u003c60052e53\u003e] ? unblock_signals+0x3a/0xe7\n [\u003c60052f2d\u003e] ? um_set_signals+0x2d/0x43\n [\u003c60751191\u003e] ? __this_cpu_preempt_check+0x0/0x16\n [\u003c607508b2\u003e] ? lock_is_held_type+0x207/0x21f\n [\u003c6063717b\u003e] wdev_chandef+0x60/0x165\n [\u003c605f89b4\u003e] regulatory_propagate_dfs_state+0x247/0x43f\n [\u003c60052f00\u003e] ? um_set_signals+0x0/0x43\n [\u003c605e6bfd\u003e] cfg80211_propagate_cac_done_wk+0x3a/0x4a\n [\u003c6007e460\u003e] process_scheduled_works+0x3bc/0x60e\n [\u003c6007d0ec\u003e] ? move_linked_works+0x4d/0x81\n [\u003c6007d120\u003e] ? assign_work+0x0/0xaa\n [\u003c6007f81f\u003e] worker_thread+0x220/0x2dc\n [\u003c600786ef\u003e] ? set_pf_worker+0x0/0x57\n [\u003c60087c96\u003e] ? to_kthread+0x0/0x43\n [\u003c6008ab3c\u003e] kthread+0x2d3/0x2e2\n [\u003c6007f5ff\u003e] ? worker_thread+0x0/0x2dc\n [\u003c6006c05b\u003e] ? calculate_sigpending+0x0/0x56\n [\u003c6003b37d\u003e] new_thread_handler+0x4a/0x64\nirq event stamp: 614611\nhardirqs last enabled at (614621): [\u003c00000000600bc96b\u003e] __up_console_sem+0x82/0xaf\nhardirqs last disabled at (614630): [\u003c00000000600bc92c\u003e] __up_console_sem+0x43/0xaf\nsoftirqs last enabled at (614268): [\u003c00000000606c55c6\u003e] __ieee80211_wake_queue+0x933/0x985\nsoftirqs last disabled at (614266): [\u003c00000000606c52d6\u003e] __ieee80211_wake_queue+0x643/0x985",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38643",
"url": "https://www.suse.com/security/cve/CVE-2025-38643"
},
{
"category": "external",
"summary": "SUSE Bug 1248681 for CVE-2025-38643",
"url": "https://bugzilla.suse.com/1248681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38643"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band\n\nWith a quite rare chance, RX report might be problematic to make SW think\na packet is received on 6 GHz band even if the chip does not support 6 GHz\nband actually. Since SW won\u0027t initialize stuffs for unsupported bands, NULL\ndereference will happen then in the sequence, rtw89_vif_rx_stats_iter() -\u003e\nrtw89_core_cancel_6ghz_probe_tx(). So, add a check to avoid it.\n\nThe following is a crash log for this case.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000032\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 1907 Comm: irq/131-rtw89_p Tainted: G U 6.6.56-05896-g89f5fb0eb30b #1 (HASH:1400 4)\n Hardware name: Google Telith/Telith, BIOS Google_Telith.15217.747.0 11/12/2024\n RIP: 0010:rtw89_vif_rx_stats_iter+0xd2/0x310 [rtw89_core]\n Code: 4c 89 7d c8 48 89 55 c0 49 8d 44 24 02 48 89 45 b8 45 31 ff eb 11\n 41 c6 45 3a 01 41 b7 01 4d 8b 6d 00 4d 39 f5 74 42 8b 43 10 \u003c41\u003e 33 45\n 32 0f b7 4b 14 66 41 33 4d 36 0f b7 c9 09 c1 74 d8 4d 85\n RSP: 0018:ffff9f3080138ca0 EFLAGS: 00010246\n RAX: 00000000b8bf5770 RBX: ffff91b5e8c639c0 RCX: 0000000000000011\n RDX: ffff91b582de1be8 RSI: 0000000000000000 RDI: ffff91b5e8c639e6\n RBP: ffff9f3080138d00 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff91b59de70000 R11: ffffffffc069be50 R12: ffff91b5e8c639e4\n R13: 0000000000000000 R14: ffff91b5828020b8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff91b8efa40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000032 CR3: 00000002bf838000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_rtw89_vif_rx_stats_iter+0x10/0x10 [rtw89_core (HASH:1400 5)]\n ? rtw89_vif_rx_stats_iter+0xd2/0x310 [rtw89_core (HASH:1400 5)]\n __iterate_interfaces+0x59/0x110 [mac80211 (HASH:1400 6)]\n ? __pfx_rtw89_vif_rx_stats_iter+0x10/0x10 [rtw89_core (HASH:1400 5)]\n ? __pfx_rtw89_vif_rx_stats_iter+0x10/0x10 [rtw89_core (HASH:1400 5)]\n ieee80211_iterate_active_interfaces_atomic+0x36/0x50 [mac80211 (HASH:1400 6)]\n rtw89_core_rx_to_mac80211+0xfd/0x1b0 [rtw89_core (HASH:1400 5)]\n rtw89_core_rx+0x43a/0x980 [rtw89_core (HASH:1400 5)]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38646",
"url": "https://www.suse.com/security/cve/CVE-2025-38646"
},
{
"category": "external",
"summary": "SUSE Bug 1248577 for CVE-2025-38646",
"url": "https://bugzilla.suse.com/1248577"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38646"
},
{
"cve": "CVE-2025-38648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: stm32: Check for cfg availability in stm32_spi_probe\n\nThe stm32_spi_probe function now includes a check to ensure that the\npointer returned by of_device_get_match_data is not NULL before\naccessing its members. This resolves a warning where a potential NULL\npointer dereference could occur when accessing cfg-\u003ehas_device_mode.\n\nBefore accessing the \u0027has_device_mode\u0027 member, we verify that \u0027cfg\u0027 is\nnot NULL. If \u0027cfg\u0027 is NULL, an error message is logged.\n\nThis change ensures that the driver does not attempt to access\nconfiguration data if it is not available, thus preventing a potential\nsystem crash due to a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38648",
"url": "https://www.suse.com/security/cve/CVE-2025-38648"
},
{
"category": "external",
"summary": "SUSE Bug 1248624 for CVE-2025-38648",
"url": "https://bugzilla.suse.com/1248624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38648"
},
{
"cve": "CVE-2025-38656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()\n\nPreserve the error code if iwl_setup_deferred_work() fails. The current\ncode returns ERR_PTR(0) (which is NULL) on this path. I believe the\nmissing error code potentially leads to a use after free involving\ndebugfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38656",
"url": "https://www.suse.com/security/cve/CVE-2025-38656"
},
{
"category": "external",
"summary": "SUSE Bug 1248643 for CVE-2025-38656",
"url": "https://bugzilla.suse.com/1248643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38656"
},
{
"cve": "CVE-2025-38658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails\n\nHave nvmet_req_init() and req-\u003eexecute() complete failed commands.\n\nDescription of the problem:\nnvmet_req_init() calls __nvmet_req_complete() internally upon failure,\ne.g., unsupported opcode, which calls the \"queue_response\" callback,\nthis results in nvmet_pci_epf_queue_response() being called, which will\ncall nvmet_pci_epf_complete_iod() if data_len is 0 or if dma_dir is\ndifferent from DMA_TO_DEVICE. This results in a double completion as\nnvmet_pci_epf_exec_iod_work() also calls nvmet_pci_epf_complete_iod()\nwhen nvmet_req_init() fails.\n\nSteps to reproduce:\nOn the host send a command with an unsupported opcode with nvme-cli,\nFor example the admin command \"security receive\"\n$ sudo nvme security-recv /dev/nvme0n1 -n1 -x4096\n\nThis triggers a double completion as nvmet_req_init() fails and\nnvmet_pci_epf_queue_response() is called, here iod-\u003edma_dir is still\nin the default state of \"DMA_NONE\" as set by default in\nnvmet_pci_epf_alloc_iod(), so nvmet_pci_epf_complete_iod() is called.\nBecause nvmet_req_init() failed nvmet_pci_epf_complete_iod() is also\ncalled in nvmet_pci_epf_exec_iod_work() leading to a double completion.\nThis not only sends two completions to the host but also corrupts the\nstate of the PCI NVMe target leading to kernel oops.\n\nThis patch lets nvmet_req_init() and req-\u003eexecute() complete all failed\ncommands, and removes the double completion case in\nnvmet_pci_epf_exec_iod_work() therefore fixing the edge cases where\ndouble completions occurred.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38658",
"url": "https://www.suse.com/security/cve/CVE-2025-38658"
},
{
"category": "external",
"summary": "SUSE Bug 1248627 for CVE-2025-38658",
"url": "https://bugzilla.suse.com/1248627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38658"
},
{
"cve": "CVE-2025-38659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: No more self recovery\n\nWhen a node withdraws and it turns out that it is the only node that has\nthe filesystem mounted, gfs2 currently tries to replay the local journal\nto bring the filesystem back into a consistent state. Not only is that\na very bad idea, it has also never worked because gfs2_recover_func()\nwill refuse to do anything during a withdraw.\n\nHowever, before even getting to this point, gfs2_recover_func()\ndereferences sdp-\u003esd_jdesc-\u003ejd_inode. This was a use-after-free before\ncommit 04133b607a78 (\"gfs2: Prevent double iput for journal on error\")\nand is a NULL pointer dereference since then.\n\nSimply get rid of self recovery to fix that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38659",
"url": "https://www.suse.com/security/cve/CVE-2025-38659"
},
{
"category": "external",
"summary": "SUSE Bug 1248639 for CVE-2025-38659",
"url": "https://bugzilla.suse.com/1248639"
},
{
"category": "external",
"summary": "SUSE Bug 1248759 for CVE-2025-38659",
"url": "https://bugzilla.suse.com/1248759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38659"
},
{
"cve": "CVE-2025-38660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n[ceph] parse_longname(): strrchr() expects NUL-terminated string\n\n... and parse_longname() is not guaranteed that. That\u0027s the reason\nwhy it uses kmemdup_nul() to build the argument for kstrtou64();\nthe problem is, kstrtou64() is not the only thing that need it.\n\nJust get a NUL-terminated copy of the entire thing and be done\nwith that...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38660",
"url": "https://www.suse.com/security/cve/CVE-2025-38660"
},
{
"category": "external",
"summary": "SUSE Bug 1248634 for CVE-2025-38660",
"url": "https://bugzilla.suse.com/1248634"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38660"
},
{
"cve": "CVE-2025-38662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv\n\nGiven mt8365_dai_set_priv allocate priv_size space to copy priv_data which\nmeans we should pass mt8365_i2s_priv[i] or \"struct mtk_afe_i2s_priv\"\ninstead of afe_priv which has the size of \"struct mt8365_afe_private\".\n\nOtherwise the KASAN complains about.\n\n[ 59.389765] BUG: KASAN: global-out-of-bounds in mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm]\n...\n[ 59.394789] Call trace:\n[ 59.395167] dump_backtrace+0xa0/0x128\n[ 59.395733] show_stack+0x20/0x38\n[ 59.396238] dump_stack_lvl+0xe8/0x148\n[ 59.396806] print_report+0x37c/0x5e0\n[ 59.397358] kasan_report+0xac/0xf8\n[ 59.397885] kasan_check_range+0xe8/0x190\n[ 59.398485] asan_memcpy+0x3c/0x98\n[ 59.399022] mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm]\n[ 59.399928] mt8365_dai_i2s_register+0x1e8/0x2b0 [snd_soc_mt8365_pcm]\n[ 59.400893] mt8365_afe_pcm_dev_probe+0x4d0/0xdf0 [snd_soc_mt8365_pcm]\n[ 59.401873] platform_probe+0xcc/0x228\n[ 59.402442] really_probe+0x340/0x9e8\n[ 59.402992] driver_probe_device+0x16c/0x3f8\n[ 59.403638] driver_probe_device+0x64/0x1d8\n[ 59.404256] driver_attach+0x1dc/0x4c8\n[ 59.404840] bus_for_each_dev+0x100/0x190\n[ 59.405442] driver_attach+0x44/0x68\n[ 59.405980] bus_add_driver+0x23c/0x500\n[ 59.406550] driver_register+0xf8/0x3d0\n[ 59.407122] platform_driver_register+0x68/0x98\n[ 59.407810] mt8365_afe_pcm_driver_init+0x2c/0xff8 [snd_soc_mt8365_pcm]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38662",
"url": "https://www.suse.com/security/cve/CVE-2025-38662"
},
{
"category": "external",
"summary": "SUSE Bug 1248635 for CVE-2025-38662",
"url": "https://bugzilla.suse.com/1248635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38662"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
},
{
"cve": "CVE-2025-38665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode\n\nAndrei Lalaev reported a NULL pointer deref when a CAN device is\nrestarted from Bus Off and the driver does not implement the struct\ncan_priv::do_set_mode callback.\n\nThere are 2 code path that call struct can_priv::do_set_mode:\n- directly by a manual restart from the user space, via\n can_changelink()\n- delayed automatic restart after bus off (deactivated by default)\n\nTo prevent the NULL pointer deference, refuse a manual restart or\nconfigure the automatic restart delay in can_changelink() and report\nthe error via extack to user space.\n\nAs an additional safety measure let can_restart() return an error if\ncan_priv::do_set_mode is not set instead of dereferencing it\nunchecked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38665",
"url": "https://www.suse.com/security/cve/CVE-2025-38665"
},
{
"category": "external",
"summary": "SUSE Bug 1248648 for CVE-2025-38665",
"url": "https://bugzilla.suse.com/1248648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38665"
},
{
"cve": "CVE-2025-38668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: fix NULL dereference on unbind due to stale coupling data\n\nFailing to reset coupling_desc.n_coupled after freeing coupled_rdevs can\nlead to NULL pointer dereference when regulators are accessed post-unbind.\n\nThis can happen during runtime PM or other regulator operations that rely\non coupling metadata.\n\nFor example, on ridesx4, unbinding the \u0027reg-dummy\u0027 platform device triggers\na panic in regulator_lock_recursive() due to stale coupling state.\n\nEnsure n_coupled is set to 0 to prevent access to invalid pointers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38668",
"url": "https://www.suse.com/security/cve/CVE-2025-38668"
},
{
"category": "external",
"summary": "SUSE Bug 1248647 for CVE-2025-38668",
"url": "https://bugzilla.suse.com/1248647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38668"
},
{
"cve": "CVE-2025-38670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()\n\n`cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change\nto different stacks along with the Shadow Call Stack if it is enabled.\nThose two stack changes cannot be done atomically and both functions\ncan be interrupted by SErrors or Debug Exceptions which, though unlikely,\nis very much broken : if interrupted, we can end up with mismatched stacks\nand Shadow Call Stack leading to clobbered stacks.\n\nIn `cpu_switch_to()`, it can happen when SP_EL0 points to the new task,\nbut x18 stills points to the old task\u0027s SCS. When the interrupt handler\ntries to save the task\u0027s SCS pointer, it will save the old task\nSCS pointer (x18) into the new task struct (pointed to by SP_EL0),\nclobbering it.\n\nIn `call_on_irq_stack()`, it can happen when switching from the task stack\nto the IRQ stack and when switching back. In both cases, we can be\ninterrupted when the SCS pointer points to the IRQ SCS, but SP points to\nthe task stack. The nested interrupt handler pushes its return addresses\non the IRQ SCS. It then detects that SP points to the task stack,\ncalls `call_on_irq_stack()` and clobbers the task SCS pointer with\nthe IRQ SCS pointer, which it will also use !\n\nThis leads to tasks returning to addresses on the wrong SCS,\nor even on the IRQ SCS, triggering kernel panics via CONFIG_VMAP_STACK\nor FPAC if enabled.\n\nThis is possible on a default config, but unlikely.\nHowever, when enabling CONFIG_ARM64_PSEUDO_NMI, DAIF is unmasked and\ninstead the GIC is responsible for filtering what interrupts the CPU\nshould receive based on priority.\nGiven the goal of emulating NMIs, pseudo-NMIs can be received by the CPU\neven in `cpu_switch_to()` and `call_on_irq_stack()`, possibly *very*\nfrequently depending on the system configuration and workload, leading\nto unpredictable kernel panics.\n\nCompletely mask DAIF in `cpu_switch_to()` and restore it when returning.\nDo the same in `call_on_irq_stack()`, but restore and mask around\nthe branch.\nMask DAIF even if CONFIG_SHADOW_CALL_STACK is not enabled for consistency\nof behaviour between all configurations.\n\nIntroduce and use an assembly macro for saving and masking DAIF,\nas the existing one saves but only masks IF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38670",
"url": "https://www.suse.com/security/cve/CVE-2025-38670"
},
{
"category": "external",
"summary": "SUSE Bug 1248655 for CVE-2025-38670",
"url": "https://bugzilla.suse.com/1248655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38670"
},
{
"cve": "CVE-2025-38671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: qup: jump out of the loop in case of timeout\n\nOriginal logic only sets the return value but doesn\u0027t jump out of the\nloop if the bus is kept active by a client. This is not expected. A\nmalicious or buggy i2c client can hang the kernel in this case and\nshould be avoided. This is observed during a long time test with a\nPCA953x GPIO extender.\n\nFix it by changing the logic to not only sets the return value, but also\njumps out of the loop and return to the caller with -ETIMEDOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38671",
"url": "https://www.suse.com/security/cve/CVE-2025-38671"
},
{
"category": "external",
"summary": "SUSE Bug 1248652 for CVE-2025-38671",
"url": "https://bugzilla.suse.com/1248652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38671"
},
{
"cve": "CVE-2025-38676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Avoid stack buffer overflow from kernel cmdline\n\nWhile the kernel command line is considered trusted in most environments,\navoid writing 1 byte past the end of \"acpiid\" if the \"str\" argument is\nmaximum length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38676",
"url": "https://www.suse.com/security/cve/CVE-2025-38676"
},
{
"category": "external",
"summary": "SUSE Bug 1248775 for CVE-2025-38676",
"url": "https://bugzilla.suse.com/1248775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38676"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
},
{
"cve": "CVE-2025-38679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: Fix OOB read due to missing payload bound check\n\nCurrently, The event_seq_changed() handler processes a variable number\nof properties sent by the firmware. The number of properties is indicated\nby the firmware and used to iterate over the payload. However, the\npayload size is not being validated against the actual message length.\n\nThis can lead to out-of-bounds memory access if the firmware provides a\nproperty count that exceeds the data available in the payload. Such a\ncondition can result in kernel crashes or potential information leaks if\nmemory beyond the buffer is accessed.\n\nFix this by properly validating the remaining size of the payload before\neach property access and updating bounds accordingly as properties are\nparsed.\n\nThis ensures that property parsing is safely bounded within the received\nmessage buffer and protects against malformed or malicious firmware\nbehavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38679",
"url": "https://www.suse.com/security/cve/CVE-2025-38679"
},
{
"category": "external",
"summary": "SUSE Bug 1249202 for CVE-2025-38679",
"url": "https://bugzilla.suse.com/1249202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38679"
},
{
"cve": "CVE-2025-38680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()\n\nThe buffer length check before calling uvc_parse_format() only ensured\nthat the buffer has at least 3 bytes (buflen \u003e 2), buf the function\naccesses buffer[3], requiring at least 4 bytes.\n\nThis can lead to an out-of-bounds read if the buffer has exactly 3 bytes.\n\nFix it by checking that the buffer has at least 4 bytes in\nuvc_parse_format().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38680",
"url": "https://www.suse.com/security/cve/CVE-2025-38680"
},
{
"category": "external",
"summary": "SUSE Bug 1249203 for CVE-2025-38680",
"url": "https://bugzilla.suse.com/1249203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38680"
},
{
"cve": "CVE-2025-38681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()\n\nMemory hot remove unmaps and tears down various kernel page table regions\nas required. The ptdump code can race with concurrent modifications of\nthe kernel page tables. When leaf entries are modified concurrently, the\ndump code may log stale or inconsistent information for a VA range, but\nthis is otherwise not harmful.\n\nBut when intermediate levels of kernel page table are freed, the dump code\nwill continue to use memory that has been freed and potentially\nreallocated for another purpose. In such cases, the ptdump code may\ndereference bogus addresses, leading to a number of potential problems.\n\nTo avoid the above mentioned race condition, platforms such as arm64,\nriscv and s390 take memory hotplug lock, while dumping kernel page table\nvia the sysfs interface /sys/kernel/debug/kernel_page_tables.\n\nSimilar race condition exists while checking for pages that might have\nbeen marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages\nwhich in turn calls ptdump_check_wx(). Instead of solving this race\ncondition again, let\u0027s just move the memory hotplug lock inside generic\nptdump_check_wx() which will benefit both the scenarios.\n\nDrop get_online_mems() and put_online_mems() combination from all existing\nplatform ptdump code paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38681",
"url": "https://www.suse.com/security/cve/CVE-2025-38681"
},
{
"category": "external",
"summary": "SUSE Bug 1249204 for CVE-2025-38681",
"url": "https://bugzilla.suse.com/1249204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38681"
},
{
"cve": "CVE-2025-38683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix panic during namespace deletion with VF\n\nThe existing code move the VF NIC to new namespace when NETDEV_REGISTER is\nreceived on netvsc NIC. During deletion of the namespace,\ndefault_device_exit_batch() \u003e\u003e default_device_exit_net() is called. When\nnetvsc NIC is moved back and registered to the default namespace, it\nautomatically brings VF NIC back to the default namespace. This will cause\nthe default_device_exit_net() \u003e\u003e for_each_netdev_safe loop unable to detect\nthe list end, and hit NULL ptr:\n\n[ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0\n[ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010\n[ 231.450246] #PF: supervisor read access in kernel mode\n[ 231.450579] #PF: error_code(0x0000) - not-present page\n[ 231.450916] PGD 17b8a8067 P4D 0\n[ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY\n[ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 231.452692] Workqueue: netns cleanup_net\n[ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0\n[ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 \u003c48\u003e 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00\n[ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246\n[ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb\n[ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564\n[ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000\n[ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340\n[ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340\n[ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000\n[ 231.457707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0\n[ 231.458434] Call Trace:\n[ 231.458600] \u003cTASK\u003e\n[ 231.458777] ops_undo_list+0x100/0x220\n[ 231.459015] cleanup_net+0x1b8/0x300\n[ 231.459285] process_one_work+0x184/0x340\n\nTo fix it, move the ns change to a workqueue, and take rtnl_lock to avoid\nchanging the netdev list when default_device_exit_net() is using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38683",
"url": "https://www.suse.com/security/cve/CVE-2025-38683"
},
{
"category": "external",
"summary": "SUSE Bug 1249159 for CVE-2025-38683",
"url": "https://bugzilla.suse.com/1249159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38683"
},
{
"cve": "CVE-2025-38684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: use old \u0027nbands\u0027 while purging unused classes\n\nShuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify()\nafter recent changes from Lion [2]. The problem is: in ets_qdisc_change()\nwe purge unused DWRR queues; the value of \u0027q-\u003enbands\u0027 is the new one, and\nthe cleanup should be done with the old one. The problem is here since my\nfirst attempts to fix ets_qdisc_change(), but it surfaced again after the\nrecent qdisc len accounting fixes. Fix it purging idle DWRR queues before\nassigning a new value of \u0027q-\u003enbands\u0027, so that all purge operations find a\nconsistent configuration:\n\n - old \u0027q-\u003enbands\u0027 because it\u0027s needed by ets_class_find()\n - old \u0027q-\u003enstrict\u0027 because it\u0027s needed by ets_class_is_strict()\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 62 UID: 0 PID: 39457 Comm: tc Kdump: loaded Not tainted 6.12.0-116.el10.x86_64 #1 PREEMPT(voluntary)\n Hardware name: Dell Inc. PowerEdge R640/06DKY5, BIOS 2.12.2 07/09/2021\n RIP: 0010:__list_del_entry_valid_or_report+0x4/0x80\n Code: ff 4c 39 c7 0f 84 39 19 8e ff b8 01 00 00 00 c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c48\u003e 8b 17 48 8b 4f 08 48 85 d2 0f 84 56 19 8e ff 48 85 c9 0f 84 ab\n RSP: 0018:ffffba186009f400 EFLAGS: 00010202\n RAX: 00000000000000d6 RBX: 0000000000000000 RCX: 0000000000000004\n RDX: ffff9f0fa29b69c0 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffffffc12c2400 R08: 0000000000000008 R09: 0000000000000004\n R10: ffffffffffffffff R11: 0000000000000004 R12: 0000000000000000\n R13: ffff9f0f8cfe0000 R14: 0000000000100005 R15: 0000000000000000\n FS: 00007f2154f37480(0000) GS:ffff9f269c1c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000001530be001 CR4: 00000000007726f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ets_class_qlen_notify+0x65/0x90 [sch_ets]\n qdisc_tree_reduce_backlog+0x74/0x110\n ets_qdisc_change+0x630/0xa40 [sch_ets]\n __tc_modify_qdisc.constprop.0+0x216/0x7f0\n tc_modify_qdisc+0x7c/0x120\n rtnetlink_rcv_msg+0x145/0x3f0\n netlink_rcv_skb+0x53/0x100\n netlink_unicast+0x245/0x390\n netlink_sendmsg+0x21b/0x470\n ____sys_sendmsg+0x39d/0x3d0\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xd0\n do_syscall_64+0x7d/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f2155114084\n Code: 89 02 b8 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 80 3d 25 f0 0c 00 00 74 13 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\n RSP: 002b:00007fff1fd7a988 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000560ec063e5e0 RCX: 00007f2155114084\n RDX: 0000000000000000 RSI: 00007fff1fd7a9f0 RDI: 0000000000000003\n RBP: 00007fff1fd7aa60 R08: 0000000000000010 R09: 000000000000003f\n R10: 0000560ee9b3a010 R11: 0000000000000202 R12: 00007fff1fd7aae0\n R13: 000000006891ccde R14: 0000560ec063e5e0 R15: 00007fff1fd7aad0\n \u003c/TASK\u003e\n\n [1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/\n [2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38684",
"url": "https://www.suse.com/security/cve/CVE-2025-38684"
},
{
"category": "external",
"summary": "SUSE Bug 1249156 for CVE-2025-38684",
"url": "https://bugzilla.suse.com/1249156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38684"
},
{
"cve": "CVE-2025-38685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix vmalloc out-of-bounds write in fast_imageblit\n\nThis issue triggers when a userspace program does an ioctl\nFBIOPUT_CON2FBMAP by passing console number and frame buffer number.\nIdeally this maps console to frame buffer and updates the screen if\nconsole is visible.\n\nAs part of mapping it has to do resize of console according to frame\nbuffer info. if this resize fails and returns from vc_do_resize() and\ncontinues further. At this point console and new frame buffer are mapped\nand sets display vars. Despite failure still it continue to proceed\nupdating the screen at later stages where vc_data is related to previous\nframe buffer and frame buffer info and display vars are mapped to new\nframe buffer and eventully leading to out-of-bounds write in\nfast_imageblit(). This bheviour is excepted only when fg_console is\nequal to requested console which is a visible console and updates screen\nwith invalid struct references in fbcon_putcs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38685",
"url": "https://www.suse.com/security/cve/CVE-2025-38685"
},
{
"category": "external",
"summary": "SUSE Bug 1249220 for CVE-2025-38685",
"url": "https://bugzilla.suse.com/1249220"
},
{
"category": "external",
"summary": "SUSE Bug 1249240 for CVE-2025-38685",
"url": "https://bugzilla.suse.com/1249240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38685"
},
{
"cve": "CVE-2025-38686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry\n\nWhen UFFDIO_MOVE encounters a migration PMD entry, it proceeds with\nobtaining a folio and accessing it even though the entry is swp_entry_t. \nAdd the missing check and let split_huge_pmd() handle migration entries. \nWhile at it also remove unnecessary folio check.\n\n[surenb@google.com: remove extra folio check, per David]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38686",
"url": "https://www.suse.com/security/cve/CVE-2025-38686"
},
{
"category": "external",
"summary": "SUSE Bug 1249160 for CVE-2025-38686",
"url": "https://bugzilla.suse.com/1249160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38686"
},
{
"cve": "CVE-2025-38687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: fix race between polling and detaching\n\nsyzbot reports a use-after-free in comedi in the below link, which is\ndue to comedi gladly removing the allocated async area even though poll\nrequests are still active on the wait_queue_head inside of it. This can\ncause a use-after-free when the poll entries are later triggered or\nremoved, as the memory for the wait_queue_head has been freed. We need\nto check there are no tasks queued on any of the subdevices\u0027 wait queues\nbefore allowing the device to be detached by the `COMEDI_DEVCONFIG`\nioctl.\n\nTasks will read-lock `dev-\u003eattach_lock` before adding themselves to the\nsubdevice wait queue, so fix the problem in the `COMEDI_DEVCONFIG` ioctl\nhandler by write-locking `dev-\u003eattach_lock` before checking that all of\nthe subdevices are safe to be deleted. This includes testing for any\nsleepers on the subdevices\u0027 wait queues. It remains locked until the\ndevice has been detached. This requires the `comedi_device_detach()`\nfunction to be refactored slightly, moving the bulk of it into new\nfunction `comedi_device_detach_locked()`.\n\nNote that the refactor of `comedi_device_detach()` results in\n`comedi_device_cancel_all()` now being called while `dev-\u003eattach_lock`\nis write-locked, which wasn\u0027t the case previously, but that does not\nmatter.\n\nThanks to Jens Axboe for diagnosing the problem and co-developing this\npatch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38687",
"url": "https://www.suse.com/security/cve/CVE-2025-38687"
},
{
"category": "external",
"summary": "SUSE Bug 1249177 for CVE-2025-38687",
"url": "https://bugzilla.suse.com/1249177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38687"
},
{
"cve": "CVE-2025-38691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38691"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npNFS: Fix uninited ptr deref in block/scsi layout\n\nThe error occurs on the third attempt to encode extents. When function\next_tree_prepare_commit() reallocates a larger buffer to retry encoding\nextents, the \"layoutupdate_pages\" page array is initialized only after the\nretry loop. But ext_tree_free_commitdata() is called on every iteration\nand tries to put pages in the array, thus dereferencing uninitialized\npointers.\n\nAn additional problem is that there is no limit on the maximum possible\nbuffer_size. When there are too many extents, the client may create a\nlayoutcommit that is larger than the maximum possible RPC size accepted\nby the server.\n\nDuring testing, we observed two typical scenarios. First, one memory page\nfor extents is enough when we work with small files, append data to the\nend of the file, or preallocate extents before writing. But when we fill\na new large file without preallocating, the number of extents can be huge,\nand counting the number of written extents in ext_tree_encode_commit()\ndoes not help much. Since this number increases even more between\nunlocking and locking of ext_tree, the reallocated buffer may not be\nlarge enough again and again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38691",
"url": "https://www.suse.com/security/cve/CVE-2025-38691"
},
{
"category": "external",
"summary": "SUSE Bug 1249215 for CVE-2025-38691",
"url": "https://bugzilla.suse.com/1249215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38691"
},
{
"cve": "CVE-2025-38692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: add cluster chain loop check for dir\n\nAn infinite loop may occur if the following conditions occur due to\nfile system corruption.\n\n(1) Condition for exfat_count_dir_entries() to loop infinitely.\n - The cluster chain includes a loop.\n - There is no UNUSED entry in the cluster chain.\n\n(2) Condition for exfat_create_upcase_table() to loop infinitely.\n - The cluster chain of the root directory includes a loop.\n - There are no UNUSED entry and up-case table entry in the cluster\n chain of the root directory.\n\n(3) Condition for exfat_load_bitmap() to loop infinitely.\n - The cluster chain of the root directory includes a loop.\n - There are no UNUSED entry and bitmap entry in the cluster chain\n of the root directory.\n\n(4) Condition for exfat_find_dir_entry() to loop infinitely.\n - The cluster chain includes a loop.\n - The unused directory entries were exhausted by some operation.\n\n(5) Condition for exfat_check_dir_empty() to loop infinitely.\n - The cluster chain includes a loop.\n - The unused directory entries were exhausted by some operation.\n - All files and sub-directories under the directory are deleted.\n\nThis commit adds checks to break the above infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38692",
"url": "https://www.suse.com/security/cve/CVE-2025-38692"
},
{
"category": "external",
"summary": "SUSE Bug 1249221 for CVE-2025-38692",
"url": "https://bugzilla.suse.com/1249221"
},
{
"category": "external",
"summary": "SUSE Bug 1249239 for CVE-2025-38692",
"url": "https://bugzilla.suse.com/1249239"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38692"
},
{
"cve": "CVE-2025-38693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar\n\nIn w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash.\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38693",
"url": "https://www.suse.com/security/cve/CVE-2025-38693"
},
{
"category": "external",
"summary": "SUSE Bug 1249190 for CVE-2025-38693",
"url": "https://bugzilla.suse.com/1249190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38693"
},
{
"cve": "CVE-2025-38694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()\n\nIn dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and\nmsg[0].len is zero, former checks on msg[0].buf would be passed. If accessing\nmsg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash. Similar issue occurs when access\nmsg[1].buf[0] and msg[1].buf[1].\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38694",
"url": "https://www.suse.com/security/cve/CVE-2025-38694"
},
{
"category": "external",
"summary": "SUSE Bug 1249272 for CVE-2025-38694",
"url": "https://bugzilla.suse.com/1249272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38694"
},
{
"cve": "CVE-2025-38695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure\n\nIf a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the\nresultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may\noccur before sli4_hba.hdwqs are allocated. This may result in a null\npointer dereference when attempting to take the abts_io_buf_list_lock for\nthe first hardware queue. Fix by adding a null ptr check on\nphba-\u003esli4_hba.hdwq and early return because this situation means there\nmust have been an error during port initialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38695",
"url": "https://www.suse.com/security/cve/CVE-2025-38695"
},
{
"category": "external",
"summary": "SUSE Bug 1249285 for CVE-2025-38695",
"url": "https://bugzilla.suse.com/1249285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38695"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not BUG when INLINE_DATA_FL lacks system.data xattr\n\nA syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data()\nwhen an inode had the INLINE_DATA_FL flag set but was missing the\nsystem.data extended attribute.\n\nSince this can happen due to a maiciouly fuzzed file system, we\nshouldn\u0027t BUG, but rather, report it as a corrupted file system.\n\nAdd similar replacements of BUG_ON with EXT4_ERROR_INODE() ii\next4_create_inline_data() and ext4_inline_data_truncate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38701",
"url": "https://www.suse.com/security/cve/CVE-2025-38701"
},
{
"category": "external",
"summary": "SUSE Bug 1249258 for CVE-2025-38701",
"url": "https://bugzilla.suse.com/1249258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38701"
},
{
"cve": "CVE-2025-38702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1. Unregistration creates NULL gaps in registered_fb[]\n2. All array slots become occupied despite num_registered_fb \u003c FB_MAX\n3. The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38702",
"url": "https://www.suse.com/security/cve/CVE-2025-38702"
},
{
"category": "external",
"summary": "SUSE Bug 1249254 for CVE-2025-38702",
"url": "https://bugzilla.suse.com/1249254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38702"
},
{
"cve": "CVE-2025-38703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Make dma-fences compliant with the safe access rules\n\nXe can free some of the data pointed to by the dma-fences it exports. Most\nnotably the timeline name can get freed if userspace closes the associated\nsubmit queue. At the same time the fence could have been exported to a\nthird party (for example a sync_fence fd) which will then cause an use-\nafter-free on subsequent access.\n\nTo make this safe we need to make the driver compliant with the newly\ndocumented dma-fence rules. Driver has to ensure a RCU grace period\nbetween signalling a fence and freeing any data pointed to by said fence.\n\nFor the timeline name we simply make the queue be freed via kfree_rcu and\nfor the shared lock associated with multiple queues we add a RCU grace\nperiod before freeing the per GT structure holding the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38703",
"url": "https://www.suse.com/security/cve/CVE-2025-38703"
},
{
"category": "external",
"summary": "SUSE Bug 1249193 for CVE-2025-38703",
"url": "https://bugzilla.suse.com/1249193"
},
{
"category": "external",
"summary": "SUSE Bug 1249763 for CVE-2025-38703",
"url": "https://bugzilla.suse.com/1249763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38703"
},
{
"cve": "CVE-2025-38705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix null pointer access\n\nWriting a string without delimiters (\u0027 \u0027, \u0027\\n\u0027, \u0027\\0\u0027) to the under\ngpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile\nwill result in a null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38705",
"url": "https://www.suse.com/security/cve/CVE-2025-38705"
},
{
"category": "external",
"summary": "SUSE Bug 1249334 for CVE-2025-38705",
"url": "https://bugzilla.suse.com/1249334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38705"
},
{
"cve": "CVE-2025-38706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()\n\nsnd_soc_remove_pcm_runtime() might be called with rtd == NULL which will\nleads to null pointer dereference.\nThis was reproduced with topology loading and marking a link as ignore\ndue to missing hardware component on the system.\nOn module removal the soc_tplg_remove_link() would call\nsnd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored,\nno runtime was created.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38706",
"url": "https://www.suse.com/security/cve/CVE-2025-38706"
},
{
"category": "external",
"summary": "SUSE Bug 1249195 for CVE-2025-38706",
"url": "https://bugzilla.suse.com/1249195"
},
{
"category": "external",
"summary": "SUSE Bug 1250193 for CVE-2025-38706",
"url": "https://bugzilla.suse.com/1250193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38706"
},
{
"cve": "CVE-2025-38709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38709"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Avoid updating block size under exclusive owner\n\nSyzbot came up with a reproducer where a loop device block size is\nchanged underneath a mounted filesystem. This causes a mismatch between\nthe block device block size and the block size stored in the superblock\ncausing confusion in various places such as fs/buffer.c. The particular\nissue triggered by syzbot was a warning in __getblk_slow() due to\nrequested buffer size not matching block device block size.\n\nFix the problem by getting exclusive hold of the loop device to change\nits block size. This fails if somebody (such as filesystem) has already\nan exclusive ownership of the block device and thus prevents modifying\nthe loop device under some exclusive owner which doesn\u0027t expect it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38709",
"url": "https://www.suse.com/security/cve/CVE-2025-38709"
},
{
"category": "external",
"summary": "SUSE Bug 1249199 for CVE-2025-38709",
"url": "https://bugzilla.suse.com/1249199"
},
{
"category": "external",
"summary": "SUSE Bug 1249535 for CVE-2025-38709",
"url": "https://bugzilla.suse.com/1249535"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38709"
},
{
"cve": "CVE-2025-38710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38710"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Validate i_depth for exhash directories\n\nA fuzzer test introduced corruption that ends up with a depth of 0 in\ndir_e_read(), causing an undefined shift by 32 at:\n\n index = hash \u003e\u003e (32 - dip-\u003ei_depth);\n\nAs calculated in an open-coded way in dir_make_exhash(), the minimum\ndepth for an exhash directory is ilog2(sdp-\u003esd_hash_ptrs) and 0 is\ninvalid as sdp-\u003esd_hash_ptrs is fixed as sdp-\u003ebsize / 16 at mount time.\n\nSo we can avoid the undefined behaviour by checking for depth values\nlower than the minimum in gfs2_dinode_in(). Values greater than the\nmaximum are already being checked for there.\n\nAlso switch the calculation in dir_make_exhash() to use ilog2() to\nclarify how the depth is calculated.\n\nTested with the syzkaller repro.c and xfstests \u0027-g quick\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38710",
"url": "https://www.suse.com/security/cve/CVE-2025-38710"
},
{
"category": "external",
"summary": "SUSE Bug 1249201 for CVE-2025-38710",
"url": "https://bugzilla.suse.com/1249201"
},
{
"category": "external",
"summary": "SUSE Bug 1249536 for CVE-2025-38710",
"url": "https://bugzilla.suse.com/1249536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-38710"
},
{
"cve": "CVE-2025-38717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38717"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: kcm: Fix race condition in kcm_unattach()\n\nsyzbot found a race condition when kcm_unattach(psock)\nand kcm_release(kcm) are executed at the same time.\n\nkcm_unattach() is missing a check of the flag\nkcm-\u003etx_stopped before calling queue_work().\n\nIf the kcm has a reserved psock, kcm_unattach() might get executed\nbetween cancel_work_sync() and unreserve_psock() in kcm_release(),\nrequeuing kcm-\u003etx_work right before kcm gets freed in kcm_done().\n\nRemove kcm-\u003etx_stopped and replace it by the less\nerror-prone disable_work_sync().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38717",
"url": "https://www.suse.com/security/cve/CVE-2025-38717"
},
{
"category": "external",
"summary": "SUSE Bug 1249167 for CVE-2025-38717",
"url": "https://bugzilla.suse.com/1249167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38717"
},
{
"cve": "CVE-2025-38721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: fix refcount leak on table dump\n\nThere is a reference count leak in ctnetlink_dump_table():\n if (res \u003c 0) {\n nf_conntrack_get(\u0026ct-\u003ect_general); // HERE\n cb-\u003eargs[1] = (unsigned long)ct;\n ...\n\nWhile its very unlikely, its possible that ct == last.\nIf this happens, then the refcount of ct was already incremented.\nThis 2nd increment is never undone.\n\nThis prevents the conntrack object from being released, which in turn\nkeeps prevents cnet-\u003ecount from dropping back to 0.\n\nThis will then block the netns dismantle (or conntrack rmmod) as\nnf_conntrack_cleanup_net_list() will wait forever.\n\nThis can be reproduced by running conntrack_resize.sh selftest in a loop.\nIt takes ~20 minutes for me on a preemptible kernel on average before\nI see a runaway kworker spinning in nf_conntrack_cleanup_net_list.\n\nOne fix would to change this to:\n if (res \u003c 0) {\n\t\tif (ct != last)\n\t nf_conntrack_get(\u0026ct-\u003ect_general);\n\nBut this reference counting isn\u0027t needed in the first place.\nWe can just store a cookie value instead.\n\nA followup patch will do the same for ctnetlink_exp_dump_table,\nit looks to me as if this has the same problem and like\nctnetlink_dump_table, we only need a \u0027skip hint\u0027, not the actual\nobject so we can apply the same cookie strategy there as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38721",
"url": "https://www.suse.com/security/cve/CVE-2025-38721"
},
{
"category": "external",
"summary": "SUSE Bug 1249176 for CVE-2025-38721",
"url": "https://bugzilla.suse.com/1249176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38721"
},
{
"cve": "CVE-2025-38722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhabanalabs: fix UAF in export_dmabuf()\n\nAs soon as we\u0027d inserted a file reference into descriptor table, another\nthread could close it. That\u0027s fine for the case when all we are doing is\nreturning that descriptor to userland (it\u0027s a race, but it\u0027s a userland\nrace and there\u0027s nothing the kernel can do about it). However, if we\nfollow fd_install() with any kind of access to objects that would be\ndestroyed on close (be it the struct file itself or anything destroyed\nby its -\u003erelease()), we have a UAF.\n\ndma_buf_fd() is a combination of reserving a descriptor and fd_install().\nhabanalabs export_dmabuf() calls it and then proceeds to access the\nobjects destroyed on close. In particular, it grabs an extra reference to\nanother struct file that will be dropped as part of -\u003erelease() for ours;\nthat \"will be\" is actually \"might have already been\".\n\nFix that by reserving descriptor before anything else and do fd_install()\nonly when everything had been set up. As a side benefit, we no longer\nhave the failure exit with file already created, but reference to\nunderlying file (as well as -\u003edmabuf_export_cnt, etc.) not grabbed yet;\nunlike dma_buf_fd(), fd_install() can\u0027t fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38722",
"url": "https://www.suse.com/security/cve/CVE-2025-38722"
},
{
"category": "external",
"summary": "SUSE Bug 1249163 for CVE-2025-38722",
"url": "https://bugzilla.suse.com/1249163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38722"
},
{
"cve": "CVE-2025-38724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()\n\nLei Lu recently reported that nfsd4_setclientid_confirm() did not check\nthe return value from get_client_locked(). a SETCLIENTID_CONFIRM could\nrace with a confirmed client expiring and fail to get a reference. That\ncould later lead to a UAF.\n\nFix this by getting a reference early in the case where there is an\nextant confirmed client. If that fails then treat it as if there were no\nconfirmed client found at all.\n\nIn the case where the unconfirmed client is expiring, just fail and\nreturn the result from get_client_locked().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38724",
"url": "https://www.suse.com/security/cve/CVE-2025-38724"
},
{
"category": "external",
"summary": "SUSE Bug 1249169 for CVE-2025-38724",
"url": "https://bugzilla.suse.com/1249169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38724"
},
{
"cve": "CVE-2025-38725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: add phy_mask for ax88772 mdio bus\n\nWithout setting phy_mask for ax88772 mdio bus, current driver may create\nat most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f.\nDLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy\ndevice will bind to net phy driver. This is creating issue during system\nsuspend/resume since phy_polling_mode() in phy_state_machine() will\ndirectly deference member of phydev-\u003edrv for non-main phy devices. Then\nNULL pointer dereference issue will occur. Due to only external phy or\ninternal phy is necessary, add phy_mask for ax88772 mdio bus to workarnoud\nthe issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38725",
"url": "https://www.suse.com/security/cve/CVE-2025-38725"
},
{
"category": "external",
"summary": "SUSE Bug 1249170 for CVE-2025-38725",
"url": "https://bugzilla.suse.com/1249170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38725"
},
{
"cve": "CVE-2025-38727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket\u0027s read memory allocation\nconstraints. Firstly, it has:\n\n rmem \u003c READ_ONCE(sk-\u003esk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket\u0027s receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n rmem + skb-\u003etruesize \u003e READ_ONCE(sk-\u003esk_rcvbuf)\n\nThe checks don\u0027t cover the case when skb-\u003etruesize + sk-\u003esk_rmem_alloc is\nequal to sk-\u003esk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n (t=26000 jiffies g=230833 q=259957)\n NMI backtrace for cpu 0\n CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n Call Trace:\n \u003cIRQ\u003e\n dump_stack lib/dump_stack.c:120\n nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n update_process_times kernel/time/timer.c:1953\n tick_sched_handle kernel/time/tick-sched.c:227\n tick_sched_timer kernel/time/tick-sched.c:1399\n __hrtimer_run_queues kernel/time/hrtimer.c:1652\n hrtimer_interrupt kernel/time/hrtimer.c:1717\n __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n \u003c/IRQ\u003e\n\n netlink_attachskb net/netlink/af_netlink.c:1234\n netlink_unicast net/netlink/af_netlink.c:1349\n kauditd_send_queue kernel/audit.c:776\n kauditd_thread kernel/audit.c:897\n kthread kernel/kthread.c:328\n ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38727",
"url": "https://www.suse.com/security/cve/CVE-2025-38727"
},
{
"category": "external",
"summary": "SUSE Bug 1249166 for CVE-2025-38727",
"url": "https://bugzilla.suse.com/1249166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38727"
},
{
"cve": "CVE-2025-38729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 power domain descriptors, too\n\nUAC3 power domain descriptors need to be verified with its variable\nbLength for avoiding the unexpected OOB accesses by malicious\nfirmware, too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38729",
"url": "https://www.suse.com/security/cve/CVE-2025-38729"
},
{
"category": "external",
"summary": "SUSE Bug 1249164 for CVE-2025-38729",
"url": "https://bugzilla.suse.com/1249164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38729"
},
{
"cve": "CVE-2025-38730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: commit partial buffers on retry\n\nRing provided buffers are potentially only valid within the single\nexecution context in which they were acquired. io_uring deals with this\nand invalidates them on retry. But on the networking side, if\nMSG_WAITALL is set, or if the socket is of the streaming type and too\nlittle was processed, then it will hang on to the buffer rather than\nrecycle or commit it. This is problematic for two reasons:\n\n1) If someone unregisters the provided buffer ring before a later retry,\n then the req-\u003ebuf_list will no longer be valid.\n\n2) If multiple sockers are using the same buffer group, then multiple\n receives can consume the same memory. This can cause data corruption\n in the application, as either receive could land in the same\n userspace buffer.\n\nFix this by disallowing partial retries from pinning a provided buffer\nacross multiple executions, if ring provided buffers are used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38730",
"url": "https://www.suse.com/security/cve/CVE-2025-38730"
},
{
"category": "external",
"summary": "SUSE Bug 1249172 for CVE-2025-38730",
"url": "https://bugzilla.suse.com/1249172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38730"
},
{
"cve": "CVE-2025-38732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject: don\u0027t leak dst refcount for loopback packets\n\nrecent patches to add a WARN() when replacing skb dst entry found an\nold bug:\n\nWARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include/linux/skbuff.h:1164 [inline]\nWARNING: include/linux/skbuff.h:1165 skb_dst_set include/linux/skbuff.h:1210 [inline]\nWARNING: include/linux/skbuff.h:1165 nf_reject_fill_skb_dst+0x2a4/0x330 net/ipv4/netfilter/nf_reject_ipv4.c:234\n[..]\nCall Trace:\n nf_send_unreach+0x17b/0x6e0 net/ipv4/netfilter/nf_reject_ipv4.c:325\n nft_reject_inet_eval+0x4bc/0x690 net/netfilter/nft_reject_inet.c:27\n expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]\n ..\n\nThis is because blamed commit forgot about loopback packets.\nSuch packets already have a dst_entry attached, even at PRE_ROUTING stage.\n\nInstead of checking hook just check if the skb already has a route\nattached to it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38732",
"url": "https://www.suse.com/security/cve/CVE-2025-38732"
},
{
"category": "external",
"summary": "SUSE Bug 1249262 for CVE-2025-38732",
"url": "https://bugzilla.suse.com/1249262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38732"
},
{
"cve": "CVE-2025-38733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Do not map lowcore with identity mapping\n\nSince the identity mapping is pinned to address zero the lowcore is always\nalso mapped to address zero, this happens regardless of the relocate_lowcore\ncommand line option. If the option is specified the lowcore is mapped\ntwice, instead of only once.\n\nThis means that NULL pointer accesses will succeed instead of causing an\nexception (low address protection still applies, but covers only parts).\nTo fix this never map the first two pages of physical memory with the\nidentity mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38733",
"url": "https://www.suse.com/security/cve/CVE-2025-38733"
},
{
"category": "external",
"summary": "SUSE Bug 1249313 for CVE-2025-38733",
"url": "https://bugzilla.suse.com/1249313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38733"
},
{
"cve": "CVE-2025-38734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix UAF on smcsk after smc_listen_out()\n\nBPF CI testing report a UAF issue:\n\n [ 16.446633] BUG: kernel NULL pointer dereference, address: 000000000000003 0\n [ 16.447134] #PF: supervisor read access in kernel mod e\n [ 16.447516] #PF: error_code(0x0000) - not-present pag e\n [ 16.447878] PGD 0 P4D 0\n [ 16.448063] Oops: Oops: 0000 [#1] PREEMPT SMP NOPT I\n [ 16.448409] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Tainted: G OE 6.13.0-rc3-g89e8a75fda73-dirty #4 2\n [ 16.449124] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODUL E\n [ 16.449502] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/201 4\n [ 16.450201] Workqueue: smc_hs_wq smc_listen_wor k\n [ 16.450531] RIP: 0010:smc_listen_work+0xc02/0x159 0\n [ 16.452158] RSP: 0018:ffffb5ab40053d98 EFLAGS: 0001024 6\n [ 16.452526] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 000000000000030 0\n [ 16.452994] RDX: 0000000000000280 RSI: 00003513840053f0 RDI: 000000000000000 0\n [ 16.453492] RBP: ffffa097808e3800 R08: ffffa09782dba1e0 R09: 000000000000000 5\n [ 16.453987] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa0978274640 0\n [ 16.454497] R13: 0000000000000000 R14: 0000000000000000 R15: ffffa09782d4092 0\n [ 16.454996] FS: 0000000000000000(0000) GS:ffffa097bbc00000(0000) knlGS:000000000000000 0\n [ 16.455557] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003 3\n [ 16.455961] CR2: 0000000000000030 CR3: 0000000102788004 CR4: 0000000000770ef 0\n [ 16.456459] PKRU: 5555555 4\n [ 16.456654] Call Trace :\n [ 16.456832] \u003cTASK \u003e\n [ 16.456989] ? __die+0x23/0x7 0\n [ 16.457215] ? page_fault_oops+0x180/0x4c 0\n [ 16.457508] ? __lock_acquire+0x3e6/0x249 0\n [ 16.457801] ? exc_page_fault+0x68/0x20 0\n [ 16.458080] ? asm_exc_page_fault+0x26/0x3 0\n [ 16.458389] ? smc_listen_work+0xc02/0x159 0\n [ 16.458689] ? smc_listen_work+0xc02/0x159 0\n [ 16.458987] ? lock_is_held_type+0x8f/0x10 0\n [ 16.459284] process_one_work+0x1ea/0x6d 0\n [ 16.459570] worker_thread+0x1c3/0x38 0\n [ 16.459839] ? __pfx_worker_thread+0x10/0x1 0\n [ 16.460144] kthread+0xe0/0x11 0\n [ 16.460372] ? __pfx_kthread+0x10/0x1 0\n [ 16.460640] ret_from_fork+0x31/0x5 0\n [ 16.460896] ? __pfx_kthread+0x10/0x1 0\n [ 16.461166] ret_from_fork_asm+0x1a/0x3 0\n [ 16.461453] \u003c/TASK \u003e\n [ 16.461616] Modules linked in: bpf_testmod(OE) [last unloaded: bpf_testmod(OE) ]\n [ 16.462134] CR2: 000000000000003 0\n [ 16.462380] ---[ end trace 0000000000000000 ]---\n [ 16.462710] RIP: 0010:smc_listen_work+0xc02/0x1590\n\nThe direct cause of this issue is that after smc_listen_out_connected(),\nnewclcsock-\u003esk may be NULL since it will releases the smcsk. Therefore,\nif the application closes the socket immediately after accept,\nnewclcsock-\u003esk can be NULL. A possible execution order could be as\nfollows:\n\nsmc_listen_work | userspace\n-----------------------------------------------------------------\nlock_sock(sk) |\nsmc_listen_out_connected() |\n| \\- smc_listen_out |\n| | \\- release_sock |\n | |- sk-\u003esk_data_ready() |\n | fd = accept();\n | close(fd);\n | \\- socket-\u003esk = NULL;\n/* newclcsock-\u003esk is NULL now */\nSMC_STAT_SERV_SUCC_INC(sock_net(newclcsock-\u003esk))\n\nSince smc_listen_out_connected() will not fail, simply swapping the order\nof the code can easily fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38734",
"url": "https://www.suse.com/security/cve/CVE-2025-38734"
},
{
"category": "external",
"summary": "SUSE Bug 1249324 for CVE-2025-38734",
"url": "https://bugzilla.suse.com/1249324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38734"
},
{
"cve": "CVE-2025-38735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: prevent ethtool ops after shutdown\n\nA crash can occur if an ethtool operation is invoked\nafter shutdown() is called.\n\nshutdown() is invoked during system shutdown to stop DMA operations\nwithout performing expensive deallocations. It is discouraged to\nunregister the netdev in this path, so the device may still be visible\nto userspace and kernel helpers.\n\nIn gve, shutdown() tears down most internal data structures. If an\nethtool operation is dispatched after shutdown(), it will dereference\nfreed or NULL pointers, leading to a kernel panic. While graceful\nshutdown normally quiesces userspace before invoking the reboot\nsyscall, forced shutdowns (as observed on GCP VMs) can still trigger\nthis path.\n\nFix by calling netif_device_detach() in shutdown().\nThis marks the device as detached so the ethtool ioctl handler\nwill skip dispatching operations to the driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38735",
"url": "https://www.suse.com/security/cve/CVE-2025-38735"
},
{
"category": "external",
"summary": "SUSE Bug 1249288 for CVE-2025-38735",
"url": "https://bugzilla.suse.com/1249288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38735"
},
{
"cve": "CVE-2025-38736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: Fix PHY address mask in MDIO bus initialization\n\nSyzbot reported shift-out-of-bounds exception on MDIO bus initialization.\n\nThe PHY address should be masked to 5 bits (0-31). Without this\nmask, invalid PHY addresses could be used, potentially causing issues\nwith MDIO bus operations.\n\nFix this by masking the PHY address with 0x1f (31 decimal) to ensure\nit stays within the valid range.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38736",
"url": "https://www.suse.com/security/cve/CVE-2025-38736"
},
{
"category": "external",
"summary": "SUSE Bug 1249318 for CVE-2025-38736",
"url": "https://bugzilla.suse.com/1249318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-38736"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()\n\nThe function mod_hdcp_hdcp1_create_session() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference.\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.\n\nThis is similar to the commit c3e9826a2202\n(\"drm/amd/display: Add null pointer check for get_first_active_display()\").\n\n(cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39675",
"url": "https://www.suse.com/security/cve/CVE-2025-39675"
},
{
"category": "external",
"summary": "SUSE Bug 1249263 for CVE-2025-39675",
"url": "https://bugzilla.suse.com/1249263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39675"
},
{
"cve": "CVE-2025-39677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39677"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix backlog accounting in qdisc_dequeue_internal\n\nThis issue applies for the following qdiscs: hhf, fq, fq_codel, and\nfq_pie, and occurs in their change handlers when adjusting to the new\nlimit. The problem is the following in the values passed to the\nsubsequent qdisc_tree_reduce_backlog call given a tbf parent:\n\n When the tbf parent runs out of tokens, skbs of these qdiscs will\n be placed in gso_skb. Their peek handlers are qdisc_peek_dequeued,\n which accounts for both qlen and backlog. However, in the case of\n qdisc_dequeue_internal, ONLY qlen is accounted for when pulling\n from gso_skb. This means that these qdiscs are missing a\n qdisc_qstats_backlog_dec when dropping packets to satisfy the\n new limit in their change handlers.\n\n One can observe this issue with the following (with tc patched to\n support a limit of 0):\n\n export TARGET=fq\n tc qdisc del dev lo root\n tc qdisc add dev lo root handle 1: tbf rate 8bit burst 100b latency 1ms\n tc qdisc replace dev lo handle 3: parent 1:1 $TARGET limit 1000\n echo \u0027\u0027; echo \u0027add child\u0027; tc -s -d qdisc show dev lo\n ping -I lo -f -c2 -s32 -W0.001 127.0.0.1 2\u003e\u00261 \u003e/dev/null\n echo \u0027\u0027; echo \u0027after ping\u0027; tc -s -d qdisc show dev lo\n tc qdisc change dev lo handle 3: parent 1:1 $TARGET limit 0\n echo \u0027\u0027; echo \u0027after limit drop\u0027; tc -s -d qdisc show dev lo\n tc qdisc replace dev lo handle 2: parent 1:1 sfq\n echo \u0027\u0027; echo \u0027post graft\u0027; tc -s -d qdisc show dev lo\n\n The second to last show command shows 0 packets but a positive\n number (74) of backlog bytes. The problem becomes clearer in the\n last show command, where qdisc_purge_queue triggers\n qdisc_tree_reduce_backlog with the positive backlog and causes an\n underflow in the tbf parent\u0027s backlog (4096 Mb instead of 0).\n\nTo fix this issue, the codepath for all clients of qdisc_dequeue_internal\nhas been simplified: codel, pie, hhf, fq, fq_pie, and fq_codel.\nqdisc_dequeue_internal handles the backlog adjustments for all cases that\ndo not directly use the dequeue handler.\n\nThe old fq_codel_change limit adjustment loop accumulated the arguments to\nthe subsequent qdisc_tree_reduce_backlog call through the cstats field.\nHowever, this is confusing and error prone as fq_codel_dequeue could also\npotentially mutate this field (which qdisc_dequeue_internal calls in the\nnon gso_skb case), so we have unified the code here with other qdiscs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39677",
"url": "https://www.suse.com/security/cve/CVE-2025-39677"
},
{
"category": "external",
"summary": "SUSE Bug 1249300 for CVE-2025-39677",
"url": "https://bugzilla.suse.com/1249300"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39677"
},
{
"cve": "CVE-2025-39678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/hsmp: Ensure sock-\u003emetric_tbl_addr is non-NULL\n\nIf metric table address is not allocated, accessing metrics_bin will\nresult in a NULL pointer dereference, so add a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39678",
"url": "https://www.suse.com/security/cve/CVE-2025-39678"
},
{
"category": "external",
"summary": "SUSE Bug 1249290 for CVE-2025-39678",
"url": "https://bugzilla.suse.com/1249290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39678"
},
{
"cve": "CVE-2025-39679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().\n\nWhen the nvif_vmm_type is invalid, we will return error directly\nwithout freeing the args in nvif_vmm_ctor(), which leading a memory\nleak. Fix it by setting the ret -EINVAL and goto done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39679",
"url": "https://www.suse.com/security/cve/CVE-2025-39679"
},
{
"category": "external",
"summary": "SUSE Bug 1249338 for CVE-2025-39679",
"url": "https://bugzilla.suse.com/1249338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39679"
},
{
"cve": "CVE-2025-39681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper\n\nSince\n\n 923f3a2b48bd (\"x86/resctrl: Query LLC monitoring properties once during boot\")\n\nresctrl_cpu_detect() has been moved from common CPU initialization code to\nthe vendor-specific BSP init helper, while Hygon didn\u0027t put that call in their\ncode.\n\nThis triggers a division by zero fault during early booting stage on our\nmachines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries\nto calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale.\n\nAdd the missing resctrl_cpu_detect() in the Hygon BSP init helper.\n\n [ bp: Massage commit message. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39681",
"url": "https://www.suse.com/security/cve/CVE-2025-39681"
},
{
"category": "external",
"summary": "SUSE Bug 1249303 for CVE-2025-39681",
"url": "https://bugzilla.suse.com/1249303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39681"
},
{
"cve": "CVE-2025-39682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39682"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix handling of zero-length records on the rx_list\n\nEach recvmsg() call must process either\n - only contiguous DATA records (any number of them)\n - one non-DATA record\n\nIf the next record has different type than what has already been\nprocessed we break out of the main processing loop. If the record\nhas already been decrypted (which may be the case for TLS 1.3 where\nwe don\u0027t know type until decryption) we queue the pending record\nto the rx_list. Next recvmsg() will pick it up from there.\n\nQueuing the skb to rx_list after zero-copy decrypt is not possible,\nsince in that case we decrypted directly to the user space buffer,\nand we don\u0027t have an skb to queue (darg.skb points to the ciphertext\nskb for access to metadata like length).\n\nOnly data records are allowed zero-copy, and we break the processing\nloop after each non-data record. So we should never zero-copy and\nthen find out that the record type has changed. The corner case\nwe missed is when the initial record comes from rx_list, and it\u0027s\nzero length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39682",
"url": "https://www.suse.com/security/cve/CVE-2025-39682"
},
{
"category": "external",
"summary": "SUSE Bug 1249284 for CVE-2025-39682",
"url": "https://bugzilla.suse.com/1249284"
},
{
"category": "external",
"summary": "SUSE Bug 1250192 for CVE-2025-39682",
"url": "https://bugzilla.suse.com/1250192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39682"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()\n\nsyzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel\nbuffer is allocated to hold `insn-\u003en` samples (each of which is an\n`unsigned int`). For some instruction types, `insn-\u003en` samples are\ncopied back to user-space, unless an error code is being returned. The\nproblem is that not all the instruction handlers that need to return\ndata to userspace fill in the whole `insn-\u003en` samples, so that there is\nan information leak. There is a similar syzbot report for\n`do_insnlist_ioctl()`, although it does not have a reproducer for it at\nthe time of writing.\n\nOne culprit is `insn_rw_emulate_bits()` which is used as the handler for\n`INSN_READ` or `INSN_WRITE` instructions for subdevices that do not have\na specific handler for that instruction, but do have an `INSN_BITS`\nhandler. For `INSN_READ` it only fills in at most 1 sample, so if\n`insn-\u003en` is greater than 1, the remaining `insn-\u003en - 1` samples copied\nto userspace will be uninitialized kernel data.\n\nAnother culprit is `vm80xx_ai_insn_read()` in the \"vm80xx\" driver. It\nnever returns an error, even if it fails to fill the buffer.\n\nFix it in `do_insn_ioctl()` and `do_insnlist_ioctl()` by making sure\nthat uninitialized parts of the allocated buffer are zeroed before\nhandling each instruction.\n\nThanks to Arnaud Lecomte for their fix to `do_insn_ioctl()`. That fix\nreplaced the call to `kmalloc_array()` with `kcalloc()`, but it is not\nalways necessary to clear the whole buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39684",
"url": "https://www.suse.com/security/cve/CVE-2025-39684"
},
{
"category": "external",
"summary": "SUSE Bug 1249281 for CVE-2025-39684",
"url": "https://bugzilla.suse.com/1249281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39684"
},
{
"cve": "CVE-2025-39685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl726: Prevent invalid irq number\n\nThe reproducer passed in an irq number(0x80008000) that was too large,\nwhich triggered the oob.\n\nAdded an interrupt number check to prevent users from passing in an irq\nnumber that was too large.\n\nIf `it-\u003eoptions[1]` is 31, then `1 \u003c\u003c it-\u003eoptions[1]` is still invalid\nbecause it shifts a 1-bit into the sign bit (which is UB in C).\nPossible solutions include reducing the upper bound on the\n`it-\u003eoptions[1]` value to 30 or lower, or using `1U \u003c\u003c it-\u003eoptions[1]`.\n\nThe old code would just not attempt to request the IRQ if the\n`options[1]` value were invalid. And it would still configure the\ndevice without interrupts even if the call to `request_irq` returned an\nerror. So it would be better to combine this test with the test below.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39685",
"url": "https://www.suse.com/security/cve/CVE-2025-39685"
},
{
"category": "external",
"summary": "SUSE Bug 1249282 for CVE-2025-39685",
"url": "https://bugzilla.suse.com/1249282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39685"
},
{
"cve": "CVE-2025-39686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Make insn_rw_emulate_bits() do insn-\u003en samples\n\nThe `insn_rw_emulate_bits()` function is used as a default handler for\n`INSN_READ` instructions for subdevices that have a handler for\n`INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default\nhandler for `INSN_WRITE` instructions for subdevices that have a handler\nfor `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the\n`INSN_READ` or `INSN_WRITE` instruction handling with a constructed\n`INSN_BITS` instruction. However, `INSN_READ` and `INSN_WRITE`\ninstructions are supposed to be able read or write multiple samples,\nindicated by the `insn-\u003en` value, but `insn_rw_emulate_bits()` currently\nonly handles a single sample. For `INSN_READ`, the comedi core will\ncopy `insn-\u003en` samples back to user-space. (That triggered KASAN\nkernel-infoleak errors when `insn-\u003en` was greater than 1, but that is\nbeing fixed more generally elsewhere in the comedi core.)\n\nMake `insn_rw_emulate_bits()` either handle `insn-\u003en` samples, or return\nan error, to conform to the general expectation for `INSN_READ` and\n`INSN_WRITE` handlers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39686",
"url": "https://www.suse.com/security/cve/CVE-2025-39686"
},
{
"category": "external",
"summary": "SUSE Bug 1249312 for CVE-2025-39686",
"url": "https://bugzilla.suse.com/1249312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39686"
},
{
"cve": "CVE-2025-39687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: as73211: Ensure buffer holes are zeroed\n\nGiven that the buffer is copied to a kfifo that ultimately user space\ncan read, ensure we zero it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39687",
"url": "https://www.suse.com/security/cve/CVE-2025-39687"
},
{
"category": "external",
"summary": "SUSE Bug 1249316 for CVE-2025-39687",
"url": "https://bugzilla.suse.com/1249316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39687"
},
{
"cve": "CVE-2025-39691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39691"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/buffer: fix use-after-free when call bh_read() helper\n\nThere\u0027s issue as follows:\nBUG: KASAN: stack-out-of-bounds in end_buffer_read_sync+0xe3/0x110\nRead of size 8 at addr ffffc9000168f7f8 by task swapper/3/0\nCPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.16.0-862.14.0.6.x86_64\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x2c/0x390\n print_report+0xb4/0x270\n kasan_report+0xb8/0xf0\n end_buffer_read_sync+0xe3/0x110\n end_bio_bh_io_sync+0x56/0x80\n blk_update_request+0x30a/0x720\n scsi_end_request+0x51/0x2b0\n scsi_io_completion+0xe3/0x480\n ? scsi_device_unbusy+0x11e/0x160\n blk_complete_reqs+0x7b/0x90\n handle_softirqs+0xef/0x370\n irq_exit_rcu+0xa5/0xd0\n sysvec_apic_timer_interrupt+0x6e/0x90\n \u003c/IRQ\u003e\n\n Above issue happens when do ntfs3 filesystem mount, issue may happens\n as follows:\n mount IRQ\nntfs_fill_super\n read_cache_page\n do_read_cache_folio\n filemap_read_folio\n mpage_read_folio\n\t do_mpage_readpage\n\t ntfs_get_block_vbo\n\t bh_read\n\t submit_bh\n\t wait_on_buffer(bh);\n\t blk_complete_reqs\n\t\t\t\t scsi_io_completion\n\t\t\t\t scsi_end_request\n\t\t\t\t blk_update_request\n\t\t\t\t end_bio_bh_io_sync\n\t\t\t\t\t end_buffer_read_sync\n\t\t\t\t\t __end_buffer_read_notouch\n\t\t\t\t\t unlock_buffer\n\n wait_on_buffer(bh);--\u003e return will return to caller\n\n\t\t\t\t\t put_bh\n\t\t\t\t\t --\u003e trigger stack-out-of-bounds\nIn the mpage_read_folio() function, the stack variable \u0027map_bh\u0027 is\npassed to ntfs_get_block_vbo(). Once unlock_buffer() unlocks and\nwait_on_buffer() returns to continue processing, the stack variable\nis likely to be reclaimed. Consequently, during the end_buffer_read_sync()\nprocess, calling put_bh() may result in stack overrun.\n\nIf the bh is not allocated on the stack, it belongs to a folio. Freeing\na buffer head which belongs to a folio is done by drop_buffers() which\nwill fail to free buffers which are still locked. So it is safe to call\nput_bh() before __end_buffer_read_notouch().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39691",
"url": "https://www.suse.com/security/cve/CVE-2025-39691"
},
{
"category": "external",
"summary": "SUSE Bug 1249374 for CVE-2025-39691",
"url": "https://bugzilla.suse.com/1249374"
},
{
"category": "external",
"summary": "SUSE Bug 1249392 for CVE-2025-39691",
"url": "https://bugzilla.suse.com/1249392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39691"
},
{
"cve": "CVE-2025-39693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid a NULL pointer dereference\n\n[WHY]\nAlthough unlikely drm_atomic_get_new_connector_state() or\ndrm_atomic_get_old_connector_state() can return NULL.\n\n[HOW]\nCheck returns before dereference.\n\n(cherry picked from commit 1e5e8d672fec9f2ab352be121be971877bff2af9)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39693",
"url": "https://www.suse.com/security/cve/CVE-2025-39693"
},
{
"category": "external",
"summary": "SUSE Bug 1249279 for CVE-2025-39693",
"url": "https://bugzilla.suse.com/1249279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39693"
},
{
"cve": "CVE-2025-39694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix SCCB present check\n\nTracing code called by the SCLP interrupt handler contains early exits\nif the SCCB address associated with an interrupt is NULL. This check is\nperformed after physical to virtual address translation.\n\nIf the kernel identity mapping does not start at address zero, the\nresulting virtual address is never zero, so that the NULL checks won\u0027t\nwork. Subsequently this may result in incorrect accesses to the first\npage of the identity mapping.\n\nFix this by introducing a function that handles the NULL case before\naddress translation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39694",
"url": "https://www.suse.com/security/cve/CVE-2025-39694"
},
{
"category": "external",
"summary": "SUSE Bug 1249299 for CVE-2025-39694",
"url": "https://bugzilla.suse.com/1249299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39694"
},
{
"cve": "CVE-2025-39695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Flush delayed SKBs while releasing RXE resources\n\nWhen skb packets are sent out, these skb packets still depends on\nthe rxe resources, for example, QP, sk, when these packets are\ndestroyed.\n\nIf these rxe resources are released when the skb packets are destroyed,\nthe call traces will appear.\n\nTo avoid skb packets hang too long time in some network devices,\na timestamp is added when these skb packets are created. If these\nskb packets hang too long time in network devices, these network\ndevices can free these skb packets to release rxe resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39695",
"url": "https://www.suse.com/security/cve/CVE-2025-39695"
},
{
"category": "external",
"summary": "SUSE Bug 1249306 for CVE-2025-39695",
"url": "https://bugzilla.suse.com/1249306"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39695"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/futex: ensure io_futex_wait() cleans up properly on failure\n\nThe io_futex_data is allocated upfront and assigned to the io_kiocb\nasync_data field, but the request isn\u0027t marked with REQ_F_ASYNC_DATA\nat that point. Those two should always go together, as the flag tells\nio_uring whether the field is valid or not.\n\nAdditionally, on failure cleanup, the futex handler frees the data but\ndoes not clear -\u003easync_data. Clear the data and the flag in the error\npath as well.\n\nThanks to Trend Micro Zero Day Initiative and particularly ReDress for\nreporting this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39698",
"url": "https://www.suse.com/security/cve/CVE-2025-39698"
},
{
"category": "external",
"summary": "SUSE Bug 1249322 for CVE-2025-39698",
"url": "https://bugzilla.suse.com/1249322"
},
{
"category": "external",
"summary": "SUSE Bug 1250190 for CVE-2025-39698",
"url": "https://bugzilla.suse.com/1250190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39698"
},
{
"cve": "CVE-2025-39700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/ops-common: ignore migration request to invalid nodes\n\ndamon_migrate_pages() tries migration even if the target node is invalid. \nIf users mistakenly make such invalid requests via\nDAMOS_MIGRATE_{HOT,COLD} action, the below kernel BUG can happen.\n\n [ 7831.883495] BUG: unable to handle page fault for address: 0000000000001f48\n [ 7831.884160] #PF: supervisor read access in kernel mode\n [ 7831.884681] #PF: error_code(0x0000) - not-present page\n [ 7831.885203] PGD 0 P4D 0\n [ 7831.885468] Oops: Oops: 0000 [#1] SMP PTI\n [ 7831.885852] CPU: 31 UID: 0 PID: 94202 Comm: kdamond.0 Not tainted 6.16.0-rc5-mm-new-damon+ #93 PREEMPT(voluntary)\n [ 7831.886913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.el9 04/01/2014\n [ 7831.887777] RIP: 0010:__alloc_frozen_pages_noprof (include/linux/mmzone.h:1724 include/linux/mmzone.h:1750 mm/page_alloc.c:4936 mm/page_alloc.c:5137)\n [...]\n [ 7831.895953] Call Trace:\n [ 7831.896195] \u003cTASK\u003e\n [ 7831.896397] __folio_alloc_noprof (mm/page_alloc.c:5183 mm/page_alloc.c:5192)\n [ 7831.896787] migrate_pages_batch (mm/migrate.c:1189 mm/migrate.c:1851)\n [ 7831.897228] ? __pfx_alloc_migration_target (mm/migrate.c:2137)\n [ 7831.897735] migrate_pages (mm/migrate.c:2078)\n [ 7831.898141] ? __pfx_alloc_migration_target (mm/migrate.c:2137)\n [ 7831.898664] damon_migrate_folio_list (mm/damon/ops-common.c:321 mm/damon/ops-common.c:354)\n [ 7831.899140] damon_migrate_pages (mm/damon/ops-common.c:405)\n [...]\n\nAdd a target node validity check in damon_migrate_pages(). The validity\ncheck is stolen from that of do_pages_move(), which is being used for the\nmove_pages() system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39700",
"url": "https://www.suse.com/security/cve/CVE-2025-39700"
},
{
"category": "external",
"summary": "SUSE Bug 1249309 for CVE-2025-39700",
"url": "https://bugzilla.suse.com/1249309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39700"
},
{
"cve": "CVE-2025-39701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: pfr_update: Fix the driver update version check\n\nThe security-version-number check should be used rather\nthan the runtime version check for driver updates.\n\nOtherwise, the firmware update would fail when the update binary had\na lower runtime version number than the current one.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39701",
"url": "https://www.suse.com/security/cve/CVE-2025-39701"
},
{
"category": "external",
"summary": "SUSE Bug 1249308 for CVE-2025-39701",
"url": "https://bugzilla.suse.com/1249308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39701"
},
{
"cve": "CVE-2025-39703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet, hsr: reject HSR frame if skb can\u0027t hold tag\n\nReceiving HSR frame with insufficient space to hold HSR tag in the skb\ncan result in a crash (kernel BUG):\n\n[ 45.390915] skbuff: skb_under_panic: text:ffffffff86f32cac len:26 put:14 head:ffff888042418000 data:ffff888042417ff4 tail:0xe end:0x180 dev:bridge_slave_1\n[ 45.392559] ------------[ cut here ]------------\n[ 45.392912] kernel BUG at net/core/skbuff.c:211!\n[ 45.393276] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI\n[ 45.393809] CPU: 1 UID: 0 PID: 2496 Comm: reproducer Not tainted 6.15.0 #12 PREEMPT(undef)\n[ 45.394433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 45.395273] RIP: 0010:skb_panic+0x15b/0x1d0\n\n\u003csnip registers, remove unreliable trace\u003e\n\n[ 45.402911] Call Trace:\n[ 45.403105] \u003cIRQ\u003e\n[ 45.404470] skb_push+0xcd/0xf0\n[ 45.404726] br_dev_queue_push_xmit+0x7c/0x6c0\n[ 45.406513] br_forward_finish+0x128/0x260\n[ 45.408483] __br_forward+0x42d/0x590\n[ 45.409464] maybe_deliver+0x2eb/0x420\n[ 45.409763] br_flood+0x174/0x4a0\n[ 45.410030] br_handle_frame_finish+0xc7c/0x1bc0\n[ 45.411618] br_handle_frame+0xac3/0x1230\n[ 45.413674] __netif_receive_skb_core.constprop.0+0x808/0x3df0\n[ 45.422966] __netif_receive_skb_one_core+0xb4/0x1f0\n[ 45.424478] __netif_receive_skb+0x22/0x170\n[ 45.424806] process_backlog+0x242/0x6d0\n[ 45.425116] __napi_poll+0xbb/0x630\n[ 45.425394] net_rx_action+0x4d1/0xcc0\n[ 45.427613] handle_softirqs+0x1a4/0x580\n[ 45.427926] do_softirq+0x74/0x90\n[ 45.428196] \u003c/IRQ\u003e\n\nThis issue was found by syzkaller.\n\nThe panic happens in br_dev_queue_push_xmit() once it receives a\ncorrupted skb with ETH header already pushed in linear data. When it\nattempts the skb_push() call, there\u0027s not enough headroom and\nskb_push() panics.\n\nThe corrupted skb is put on the queue by HSR layer, which makes a\nsequence of unintended transformations when it receives a specific\ncorrupted HSR frame (with incomplete TAG).\n\nFix it by dropping and consuming frames that are not long enough to\ncontain both ethernet and hsr headers.\n\nAlternative fix would be to check for enough headroom before skb_push()\nin br_dev_queue_push_xmit().\n\nIn the reproducer, this is injected via AF_PACKET, but I don\u0027t easily\nsee why it couldn\u0027t be sent over the wire from adjacent network.\n\nFurther Details:\n\nIn the reproducer, the following network interface chain is set up:\n\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n| veth0_to_hsr \u251c\u2500\u2500\u2500\u2524 hsr_slave0 \u253c\u2500\u2500\u2500\u2510\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 |\n | \u2500\u2500\u2500\u2500\u2500\u2500\u2510\n \u251c\u2500\u2524 hsr0 \u251c\u2500\u2500\u2500\u2510\n | \u2500\u2500\u2500\u2500\u2500\u2500\u2518 |\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n| veth1_to_hsr \u253c\u2500\u2500\u2500\u2524 hsr_slave1 \u251c\u2500\u2500\u2500\u2518 \u2524 |\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u253c bridge |\n || |\n | \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n |\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 |\n | ... \u251c\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\nTo trigger the events leading up to crash, reproducer sends a corrupted\nHSR fr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39703",
"url": "https://www.suse.com/security/cve/CVE-2025-39703"
},
{
"category": "external",
"summary": "SUSE Bug 1249315 for CVE-2025-39703",
"url": "https://bugzilla.suse.com/1249315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39703"
},
{
"cve": "CVE-2025-39705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix a Null pointer dereference vulnerability\n\n[Why]\nA null pointer dereference vulnerability exists in the AMD display driver\u0027s\n(DC module) cleanup function dc_destruct().\nWhen display control context (dc-\u003ectx) construction fails\n(due to memory allocation failure), this pointer remains NULL.\nDuring subsequent error handling when dc_destruct() is called,\nthere\u0027s no NULL check before dereferencing the perf_trace member\n(dc-\u003ectx-\u003eperf_trace), causing a kernel null pointer dereference crash.\n\n[How]\nCheck if dc-\u003ectx is non-NULL before dereferencing.\n\n(Updated commit text and removed unnecessary error message)\n(cherry picked from commit 9dd8e2ba268c636c240a918e0a31e6feaee19404)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39705",
"url": "https://www.suse.com/security/cve/CVE-2025-39705"
},
{
"category": "external",
"summary": "SUSE Bug 1249295 for CVE-2025-39705",
"url": "https://bugzilla.suse.com/1249295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39705"
},
{
"cve": "CVE-2025-39706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Destroy KFD debugfs after destroy KFD wq\n\nSince KFD proc content was moved to kernel debugfs, we can\u0027t destroy KFD\ndebugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior\nto kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens\nwhen /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but\nkfd_process_destroy_wq calls kfd_debugfs_remove_process. This line\n debugfs_remove_recursive(entry-\u003eproc_dentry);\ntries to remove /sys/kernel/debug/kfd/proc/\u003cpid\u003e while\n/sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel\nNULL pointer.\n\n(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39706",
"url": "https://www.suse.com/security/cve/CVE-2025-39706"
},
{
"category": "external",
"summary": "SUSE Bug 1249413 for CVE-2025-39706",
"url": "https://bugzilla.suse.com/1249413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39706"
},
{
"cve": "CVE-2025-39707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities\n\nHUBBUB structure is not initialized on DCE hardware, so check if it is NULL\nto avoid null dereference while accessing amdgpu_dm_capabilities file in\ndebugfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39707",
"url": "https://www.suse.com/security/cve/CVE-2025-39707"
},
{
"category": "external",
"summary": "SUSE Bug 1249333 for CVE-2025-39707",
"url": "https://bugzilla.suse.com/1249333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39707"
},
{
"cve": "CVE-2025-39709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39709"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: protect against spurious interrupts during probe\n\nMake sure the interrupt handler is initialized before the interrupt is\nregistered.\n\nIf the IRQ is registered before hfi_create(), it\u0027s possible that an\ninterrupt fires before the handler setup is complete, leading to a NULL\ndereference.\n\nThis error condition has been observed during system boot on Rb3Gen2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39709",
"url": "https://www.suse.com/security/cve/CVE-2025-39709"
},
{
"category": "external",
"summary": "SUSE Bug 1249278 for CVE-2025-39709",
"url": "https://bugzilla.suse.com/1249278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39709"
},
{
"cve": "CVE-2025-39710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39710"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: Add a check for packet size after reading from shared memory\n\nAdd a check to ensure that the packet size does not exceed the number of\navailable words after reading the packet header from shared memory. This\nensures that the size provided by the firmware is safe to process and\nprevent potential out-of-bounds memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39710",
"url": "https://www.suse.com/security/cve/CVE-2025-39710"
},
{
"category": "external",
"summary": "SUSE Bug 1249304 for CVE-2025-39710",
"url": "https://bugzilla.suse.com/1249304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39710"
},
{
"cve": "CVE-2025-39711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls\n\nBoth the ACE and CSI driver are missing a mei_cldev_disable() call in\ntheir remove() function.\n\nThis causes the mei_cl client to stay part of the mei_device-\u003efile_list\nlist even though its memory is freed by mei_cl_bus_dev_release() calling\nkfree(cldev-\u003ecl).\n\nThis leads to a use-after-free when mei_vsc_remove() runs mei_stop()\nwhich first removes all mei bus devices calling mei_ace_remove() and\nmei_csi_remove() followed by mei_cl_bus_dev_release() and then calls\nmei_cl_all_disconnect() which walks over mei_device-\u003efile_list dereferecing\nthe just freed cldev-\u003ecl.\n\nAnd mei_vsc_remove() it self is run at shutdown because of the\nplatform_device_unregister(tp-\u003epdev) in vsc_tp_shutdown()\n\nWhen building a kernel with KASAN this leads to the following KASAN report:\n\n[ 106.634504] ==================================================================\n[ 106.634623] BUG: KASAN: slab-use-after-free in mei_cl_set_disconnected (drivers/misc/mei/client.c:783) mei\n[ 106.634683] Read of size 4 at addr ffff88819cb62018 by task systemd-shutdow/1\n[ 106.634729]\n[ 106.634767] Tainted: [E]=UNSIGNED_MODULE\n[ 106.634770] Hardware name: Dell Inc. XPS 16 9640/09CK4V, BIOS 1.12.0 02/10/2025\n[ 106.634773] Call Trace:\n[ 106.634777] \u003cTASK\u003e\n...\n[ 106.634871] kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n[ 106.634901] mei_cl_set_disconnected (drivers/misc/mei/client.c:783) mei\n[ 106.634921] mei_cl_all_disconnect (drivers/misc/mei/client.c:2165 (discriminator 4)) mei\n[ 106.634941] mei_reset (drivers/misc/mei/init.c:163) mei\n...\n[ 106.635042] mei_stop (drivers/misc/mei/init.c:348) mei\n[ 106.635062] mei_vsc_remove (drivers/misc/mei/mei_dev.h:784 drivers/misc/mei/platform-vsc.c:393) mei_vsc\n[ 106.635066] platform_remove (drivers/base/platform.c:1424)\n\nAdd the missing mei_cldev_disable() calls so that the mei_cl gets removed\nfrom mei_device-\u003efile_list before it is freed to fix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39711",
"url": "https://www.suse.com/security/cve/CVE-2025-39711"
},
{
"category": "external",
"summary": "SUSE Bug 1249274 for CVE-2025-39711",
"url": "https://bugzilla.suse.com/1249274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39711"
},
{
"cve": "CVE-2025-39712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39712"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval\n\nGetting / Setting the frame interval using the V4L2 subdev pad ops\nget_frame_interval/set_frame_interval causes a deadlock, as the\nsubdev state is locked in the [1] but also in the driver itself.\n\nIn [2] it\u0027s described that the caller is responsible to acquire and\nrelease the lock in this case. Therefore, acquiring the lock in the\ndriver is wrong.\n\nRemove the lock acquisitions/releases from mt9m114_ifp_get_frame_interval()\nand mt9m114_ifp_set_frame_interval().\n\n[1] drivers/media/v4l2-core/v4l2-subdev.c - line 1129\n[2] Documentation/driver-api/media/v4l2-subdev.rst",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39712",
"url": "https://www.suse.com/security/cve/CVE-2025-39712"
},
{
"category": "external",
"summary": "SUSE Bug 1249269 for CVE-2025-39712",
"url": "https://bugzilla.suse.com/1249269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39712"
},
{
"cve": "CVE-2025-39713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()\n\nIn the interrupt handler rain_interrupt(), the buffer full check on\nrain-\u003ebuf_len is performed before acquiring rain-\u003ebuf_lock. This\ncreates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as\nrain-\u003ebuf_len is concurrently accessed and modified in the work\nhandler rain_irq_work_handler() under the same lock.\n\nMultiple interrupt invocations can race, with each reading buf_len\nbefore it becomes full and then proceeding. This can lead to both\ninterrupts attempting to write to the buffer, incrementing buf_len\nbeyond its capacity (DATA_SIZE) and causing a buffer overflow.\n\nFix this bug by moving the spin_lock() to before the buffer full\ncheck. This ensures that the check and the subsequent buffer modification\nare performed atomically, preventing the race condition. An corresponding\nspin_unlock() is added to the overflow path to correctly release the\nlock.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39713",
"url": "https://www.suse.com/security/cve/CVE-2025-39713"
},
{
"category": "external",
"summary": "SUSE Bug 1249321 for CVE-2025-39713",
"url": "https://bugzilla.suse.com/1249321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39713"
},
{
"cve": "CVE-2025-39714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usbtv: Lock resolution while streaming\n\nWhen an program is streaming (ffplay) and another program (qv4l2)\nchanges the TV standard from NTSC to PAL, the kernel crashes due to trying\nto copy to unmapped memory.\n\nChanging from NTSC to PAL increases the resolution in the usbtv struct,\nbut the video plane buffer isn\u0027t adjusted, so it overflows.\n\n[hverkuil: call vb2_is_busy instead of vb2_is_streaming]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39714",
"url": "https://www.suse.com/security/cve/CVE-2025-39714"
},
{
"category": "external",
"summary": "SUSE Bug 1249273 for CVE-2025-39714",
"url": "https://bugzilla.suse.com/1249273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39714"
},
{
"cve": "CVE-2025-39718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: Validate length in packet header before skb_put()\n\nWhen receiving a vsock packet in the guest, only the virtqueue buffer\nsize is validated prior to virtio_vsock_skb_rx_put(). Unfortunately,\nvirtio_vsock_skb_rx_put() uses the length from the packet header as the\nlength argument to skb_put(), potentially resulting in SKB overflow if\nthe host has gone wonky.\n\nValidate the length as advertised by the packet header before calling\nvirtio_vsock_skb_rx_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39718",
"url": "https://www.suse.com/security/cve/CVE-2025-39718"
},
{
"category": "external",
"summary": "SUSE Bug 1249305 for CVE-2025-39718",
"url": "https://bugzilla.suse.com/1249305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39718"
},
{
"cve": "CVE-2025-39719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: bno055: fix OOB access of hw_xlate array\n\nFix a potential out-of-bounds array access of the hw_xlate array in\nbno055.c.\n\nIn bno055_get_regmask(), hw_xlate was iterated over the length of the\nvals array instead of the length of the hw_xlate array. In the case of\nbno055_gyr_scale, the vals array is larger than the hw_xlate array,\nso this could result in an out-of-bounds access. In practice, this\nshouldn\u0027t happen though because a match should always be found which\nbreaks out of the for loop before it iterates beyond the end of the\nhw_xlate array.\n\nBy adding a new hw_xlate_len field to the bno055_sysfs_attr, we can be\nsure we are iterating over the correct length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39719",
"url": "https://www.suse.com/security/cve/CVE-2025-39719"
},
{
"category": "external",
"summary": "SUSE Bug 1249271 for CVE-2025-39719",
"url": "https://bugzilla.suse.com/1249271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39719"
},
{
"cve": "CVE-2025-39721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - flush misc workqueue during device shutdown\n\nRepeated loading and unloading of a device specific QAT driver, for\nexample qat_4xxx, in a tight loop can lead to a crash due to a\nuse-after-free scenario. This occurs when a power management (PM)\ninterrupt triggers just before the device-specific driver (e.g.,\nqat_4xxx.ko) is unloaded, while the core driver (intel_qat.ko) remains\nloaded.\n\nSince the driver uses a shared workqueue (`qat_misc_wq`) across all\ndevices and owned by intel_qat.ko, a deferred routine from the\ndevice-specific driver may still be pending in the queue. If this\nroutine executes after the driver is unloaded, it can dereference freed\nmemory, resulting in a page fault and kernel crash like the following:\n\n BUG: unable to handle page fault for address: ffa000002e50a01c\n #PF: supervisor read access in kernel mode\n RIP: 0010:pm_bh_handler+0x1d2/0x250 [intel_qat]\n Call Trace:\n pm_bh_handler+0x1d2/0x250 [intel_qat]\n process_one_work+0x171/0x340\n worker_thread+0x277/0x3a0\n kthread+0xf0/0x120\n ret_from_fork+0x2d/0x50\n\nTo prevent this, flush the misc workqueue during device shutdown to\nensure that all pending work items are completed before the driver is\nunloaded.\n\nNote: This approach may slightly increase shutdown latency if the\nworkqueue contains jobs from other devices, but it ensures correctness\nand stability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39721",
"url": "https://www.suse.com/security/cve/CVE-2025-39721"
},
{
"category": "external",
"summary": "SUSE Bug 1249323 for CVE-2025-39721",
"url": "https://bugzilla.suse.com/1249323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39721"
},
{
"cve": "CVE-2025-39722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP\n\nSince the CAAM on these SoCs is managed by another ARM core, called the\nSECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which\nalso reserves access to register page 0 suspend operations cannot touch\nthis page.\n\nThis is similar to when running OPTEE, where OPTEE will reserve page 0.\n\nTrack this situation using a new state variable no_page0, reflecting if\npage 0 is reserved elsewhere, either by other management cores in SoC or\nby OPTEE.\n\nReplace the optee_en check in suspend/resume with the new check.\n\noptee_en cannot go away as it\u0027s needed elsewhere to gate OPTEE specific\nsituations.\n\nFixes the following splat at suspend:\n\n Internal error: synchronous external abort: 0000000096000010 [#1] SMP\n Hardware name: Freescale i.MX8QXP ACU6C (DT)\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : readl+0x0/0x18\n lr : rd_reg32+0x18/0x3c\n sp : ffffffc08192ba20\n x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000\n x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090\n x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010\n x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5\n x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c\n x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001\n x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000\n x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002\n x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000\n x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004\n Call trace:\n readl+0x0/0x18\n caam_ctrl_suspend+0x30/0xdc\n dpm_run_callback.constprop.0+0x24/0x5c\n device_suspend+0x170/0x2e8\n dpm_suspend+0xa0/0x104\n dpm_suspend_start+0x48/0x50\n suspend_devices_and_enter+0x7c/0x45c\n pm_suspend+0x148/0x160\n state_store+0xb4/0xf8\n kobj_attr_store+0x14/0x24\n sysfs_kf_write+0x38/0x48\n kernfs_fop_write_iter+0xb4/0x178\n vfs_write+0x118/0x178\n ksys_write+0x6c/0xd0\n __arm64_sys_write+0x14/0x1c\n invoke_syscall.constprop.0+0x64/0xb0\n do_el0_svc+0x90/0xb0\n el0_svc+0x18/0x44\n el0t_64_sync_handler+0x88/0x124\n el0t_64_sync+0x150/0x154\n Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39722",
"url": "https://www.suse.com/security/cve/CVE-2025-39722"
},
{
"category": "external",
"summary": "SUSE Bug 1249301 for CVE-2025-39722",
"url": "https://bugzilla.suse.com/1249301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39722"
},
{
"cve": "CVE-2025-39723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix unbuffered write error handling\n\nIf all the subrequests in an unbuffered write stream fail, the subrequest\ncollector doesn\u0027t update the stream-\u003etransferred value and it retains its\ninitial LONG_MAX value. Unfortunately, if all active streams fail, then we\ntake the smallest value of { LONG_MAX, LONG_MAX, ... } as the value to set\nin wreq-\u003etransferred - which is then returned from -\u003ewrite_iter().\n\nLONG_MAX was chosen as the initial value so that all the streams can be\nquickly assessed by taking the smallest value of all stream-\u003etransferred -\nbut this only works if we\u0027ve set any of them.\n\nFix this by adding a flag to indicate whether the value in\nstream-\u003etransferred is valid and checking that when we integrate the\nvalues. stream-\u003etransferred can then be initialised to zero.\n\nThis was found by running the generic/750 xfstest against cifs with\ncache=none. It splices data to the target file. Once (if) it has used up\nall the available scratch space, the writes start failing with ENOSPC.\nThis causes -\u003ewrite_iter() to fail. However, it was returning\nwreq-\u003etransferred, i.e. LONG_MAX, rather than an error (because it thought\nthe amount transferred was non-zero) and iter_file_splice_write() would\nthen try to clean up that amount of pipe bufferage - leading to an oops\nwhen it overran. The kernel log showed:\n\n CIFS: VFS: Send error in write = -28\n\nfollowed by:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n\nwith:\n\n RIP: 0010:iter_file_splice_write+0x3a4/0x520\n do_splice+0x197/0x4e0\n\nor:\n\n RIP: 0010:pipe_buf_release (include/linux/pipe_fs_i.h:282)\n iter_file_splice_write (fs/splice.c:755)\n\nAlso put a warning check into splice to announce if -\u003ewrite_iter() returned\nthat it had written more than it was asked to.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39723",
"url": "https://www.suse.com/security/cve/CVE-2025-39723"
},
{
"category": "external",
"summary": "SUSE Bug 1249314 for CVE-2025-39723",
"url": "https://bugzilla.suse.com/1249314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39723"
},
{
"cve": "CVE-2025-39724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: fix panic due to PSLVERR\n\nWhen the PSLVERR_RESP_EN parameter is set to 1, the device generates\nan error response if an attempt is made to read an empty RBR (Receive\nBuffer Register) while the FIFO is enabled.\n\nIn serial8250_do_startup(), calling serial_port_out(port, UART_LCR,\nUART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes\ndw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter\nfunction enables the FIFO via serial_out(p, UART_FCR, p-\u003efcr).\nExecution proceeds to the serial_port_in(port, UART_RX).\nThis satisfies the PSLVERR trigger condition.\n\nWhen another CPU (e.g., using printk()) is accessing the UART (UART\nis busy), the current CPU fails the check (value \u0026 ~UART_LCR_SPAR) ==\n(lcr \u0026 ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter\ndw8250_force_idle().\n\nPut serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port-\u003elock\nto fix this issue.\n\nPanic backtrace:\n[ 0.442336] Oops - unknown exception [#1]\n[ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a\n[ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e\n...\n[ 0.442416] console_on_rootfs+0x26/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39724",
"url": "https://www.suse.com/security/cve/CVE-2025-39724"
},
{
"category": "external",
"summary": "SUSE Bug 1249265 for CVE-2025-39724",
"url": "https://bugzilla.suse.com/1249265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39724"
},
{
"cve": "CVE-2025-39726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: fix concurrency management in ism_cmd()\n\nThe s390x ISM device data sheet clearly states that only one\nrequest-response sequence is allowable per ISM function at any point in\ntime. Unfortunately as of today the s390/ism driver in Linux does not\nhonor that requirement. This patch aims to rectify that.\n\nThis problem was discovered based on Aliaksei\u0027s bug report which states\nthat for certain workloads the ISM functions end up entering error state\n(with PEC 2 as seen from the logs) after a while and as a consequence\nconnections handled by the respective function break, and for future\nconnection requests the ISM device is not considered -- given it is in a\ndysfunctional state. During further debugging PEC 3A was observed as\nwell.\n\nA kernel message like\n[ 1211.244319] zpci: 061a:00:00.0: Event 0x2 reports an error for PCI function 0x61a\nis a reliable indicator of the stated function entering error state\nwith PEC 2. Let me also point out that a kernel message like\n[ 1211.244325] zpci: 061a:00:00.0: The ism driver bound to the device does not support error recovery\nis a reliable indicator that the ISM function won\u0027t be auto-recovered\nbecause the ISM driver currently lacks support for it.\n\nOn a technical level, without this synchronization, commands (inputs to\nthe FW) may be partially or fully overwritten (corrupted) by another CPU\ntrying to issue commands on the same function. There is hard evidence that\nthis can lead to DMB token values being used as DMB IOVAs, leading to\nPEC 2 PCI events indicating invalid DMA. But this is only one of the\nfailure modes imaginable. In theory even completely losing one command\nand executing another one twice and then trying to interpret the outputs\nas if the command we intended to execute was actually executed and not\nthe other one is also possible. Frankly, I don\u0027t feel confident about\nproviding an exhaustive list of possible consequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39726",
"url": "https://www.suse.com/security/cve/CVE-2025-39726"
},
{
"category": "external",
"summary": "SUSE Bug 1249266 for CVE-2025-39726",
"url": "https://bugzilla.suse.com/1249266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39726"
},
{
"cve": "CVE-2025-39727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: fix potential buffer overflow in setup_clusters()\n\nIn setup_swap_map(), we only ensure badpages are in range (0, last_page]. \nAs maxpages might be \u003c last_page, setup_clusters() will encounter a buffer\noverflow when a badpage is \u003e= maxpages.\n\nOnly call inc_cluster_info_page() for badpage which is \u003c maxpages to fix\nthe issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39727",
"url": "https://www.suse.com/security/cve/CVE-2025-39727"
},
{
"category": "external",
"summary": "SUSE Bug 1249297 for CVE-2025-39727",
"url": "https://bugzilla.suse.com/1249297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39727"
},
{
"cve": "CVE-2025-39730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix filehandle bounds checking in nfs_fh_to_dentry()\n\nThe function needs to check the minimal filehandle length before it can\naccess the embedded filehandle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39730",
"url": "https://www.suse.com/security/cve/CVE-2025-39730"
},
{
"category": "external",
"summary": "SUSE Bug 1249296 for CVE-2025-39730",
"url": "https://bugzilla.suse.com/1249296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39730"
},
{
"cve": "CVE-2025-39732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()\n\nath11k_mac_disable_peer_fixed_rate() is passed as the iterator to\nieee80211_iterate_stations_atomic(). Note in this case the iterator is\nrequired to be atomic, however ath11k_mac_disable_peer_fixed_rate() does\nnot follow it as it might sleep. Consequently below warning is seen:\n\nBUG: sleeping function called from invalid context at wmi.c:304\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl\n __might_resched.cold\n ath11k_wmi_cmd_send\n ath11k_wmi_set_peer_param\n ath11k_mac_disable_peer_fixed_rate\n ieee80211_iterate_stations_atomic\n ath11k_mac_op_set_bitrate_mask.cold\n\nChange to ieee80211_iterate_stations_mtx() to fix this issue.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39732",
"url": "https://www.suse.com/security/cve/CVE-2025-39732"
},
{
"category": "external",
"summary": "SUSE Bug 1249292 for CVE-2025-39732",
"url": "https://bugzilla.suse.com/1249292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39732"
},
{
"cve": "CVE-2025-39738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not allow relocation of partially dropped subvolumes\n\n[BUG]\nThere is an internal report that balance triggered transaction abort,\nwith the following call trace:\n\n item 85 key (594509824 169 0) itemoff 12599 itemsize 33\n extent refs 1 gen 197740 flags 2\n ref#0: tree block backref root 7\n item 86 key (594558976 169 0) itemoff 12566 itemsize 33\n extent refs 1 gen 197522 flags 2\n ref#0: tree block backref root 7\n ...\n BTRFS error (device loop0): extent item not found for insert, bytenr 594526208 num_bytes 16384 parent 449921024 root_objectid 934 owner 1 offset 0\n BTRFS error (device loop0): failed to run delayed ref for logical 594526208 num_bytes 16384 type 182 action 1 ref_mod 1: -117\n ------------[ cut here ]------------\n BTRFS: Transaction aborted (error -117)\n WARNING: CPU: 1 PID: 6963 at ../fs/btrfs/extent-tree.c:2168 btrfs_run_delayed_refs+0xfa/0x110 [btrfs]\n\nAnd btrfs check doesn\u0027t report anything wrong related to the extent\ntree.\n\n[CAUSE]\nThe cause is a little complex, firstly the extent tree indeed doesn\u0027t\nhave the backref for 594526208.\n\nThe extent tree only have the following two backrefs around that bytenr\non-disk:\n\n item 65 key (594509824 METADATA_ITEM 0) itemoff 13880 itemsize 33\n refs 1 gen 197740 flags TREE_BLOCK\n tree block skinny level 0\n (176 0x7) tree block backref root CSUM_TREE\n item 66 key (594558976 METADATA_ITEM 0) itemoff 13847 itemsize 33\n refs 1 gen 197522 flags TREE_BLOCK\n tree block skinny level 0\n (176 0x7) tree block backref root CSUM_TREE\n\nBut the such missing backref item is not an corruption on disk, as the\noffending delayed ref belongs to subvolume 934, and that subvolume is\nbeing dropped:\n\n item 0 key (934 ROOT_ITEM 198229) itemoff 15844 itemsize 439\n generation 198229 root_dirid 256 bytenr 10741039104 byte_limit 0 bytes_used 345571328\n last_snapshot 198229 flags 0x1000000000001(RDONLY) refs 0\n drop_progress key (206324 EXTENT_DATA 2711650304) drop_level 2\n level 2 generation_v2 198229\n\nAnd that offending tree block 594526208 is inside the dropped range of\nthat subvolume. That explains why there is no backref item for that\nbytenr and why btrfs check is not reporting anything wrong.\n\nBut this also shows another problem, as btrfs will do all the orphan\nsubvolume cleanup at a read-write mount.\n\nSo half-dropped subvolume should not exist after an RW mount, and\nbalance itself is also exclusive to subvolume cleanup, meaning we\nshouldn\u0027t hit a subvolume half-dropped during relocation.\n\nThe root cause is, there is no orphan item for this subvolume.\nIn fact there are 5 subvolumes from around 2021 that have the same\nproblem.\n\nIt looks like the original report has some older kernels running, and\ncaused those zombie subvolumes.\n\nThankfully upstream commit 8d488a8c7ba2 (\"btrfs: fix subvolume/snapshot\ndeletion not triggered on mount\") has long fixed the bug.\n\n[ENHANCEMENT]\nFor repairing such old fs, btrfs-progs will be enhanced.\n\nConsidering how delayed the problem will show up (at run delayed ref\ntime) and at that time we have to abort transaction already, it is too\nlate.\n\nInstead here we reject any half-dropped subvolume for reloc tree at the\nearliest time, preventing confusion and extra time wasted on debugging\nsimilar bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39738",
"url": "https://www.suse.com/security/cve/CVE-2025-39738"
},
{
"category": "external",
"summary": "SUSE Bug 1249540 for CVE-2025-39738",
"url": "https://bugzilla.suse.com/1249540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39738"
},
{
"cve": "CVE-2025-39739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-qcom: Add SM6115 MDSS compatible\n\nAdd the SM6115 MDSS compatible to clients compatible list, as it also\nneeds that workaround.\nWithout this workaround, for example, QRB4210 RB2 which is based on\nSM4250/SM6115 generates a lot of smmu unhandled context faults during\nboot:\n\narm_smmu_context_fault: 116854 callbacks suppressed\narm-smmu c600000.iommu: Unhandled context fault: fsr=0x402,\niova=0x5c0ec600, fsynr=0x320021, cbfrsynra=0x420, cb=5\narm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420\narm-smmu c600000.iommu: FSYNR0 = 00320021 [S1CBNDX=50 PNU PLVL=1]\narm-smmu c600000.iommu: Unhandled context fault: fsr=0x402,\niova=0x5c0d7800, fsynr=0x320021, cbfrsynra=0x420, cb=5\narm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420\n\nand also failed initialisation of lontium lt9611uxc, gpu and dpu is\nobserved:\n(binding MDSS components triggered by lt9611uxc have failed)\n\n ------------[ cut here ]------------\n !aspace\n WARNING: CPU: 6 PID: 324 at drivers/gpu/drm/msm/msm_gem_vma.c:130 msm_gem_vma_init+0x150/0x18c [msm]\n Modules linked in: ... (long list of modules)\n CPU: 6 UID: 0 PID: 324 Comm: (udev-worker) Not tainted 6.15.0-03037-gaacc73ceeb8b #4 PREEMPT\n Hardware name: Qualcomm Technologies, Inc. QRB4210 RB2 (DT)\n pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : msm_gem_vma_init+0x150/0x18c [msm]\n lr : msm_gem_vma_init+0x150/0x18c [msm]\n sp : ffff80008144b280\n \t\t...\n Call trace:\n msm_gem_vma_init+0x150/0x18c [msm] (P)\n get_vma_locked+0xc0/0x194 [msm]\n msm_gem_get_and_pin_iova_range+0x4c/0xdc [msm]\n msm_gem_kernel_new+0x48/0x160 [msm]\n msm_gpu_init+0x34c/0x53c [msm]\n adreno_gpu_init+0x1b0/0x2d8 [msm]\n a6xx_gpu_init+0x1e8/0x9e0 [msm]\n adreno_bind+0x2b8/0x348 [msm]\n component_bind_all+0x100/0x230\n msm_drm_bind+0x13c/0x3d0 [msm]\n try_to_bring_up_aggregate_device+0x164/0x1d0\n __component_add+0xa4/0x174\n component_add+0x14/0x20\n dsi_dev_attach+0x20/0x34 [msm]\n dsi_host_attach+0x58/0x98 [msm]\n devm_mipi_dsi_attach+0x34/0x90\n lt9611uxc_attach_dsi.isra.0+0x94/0x124 [lontium_lt9611uxc]\n lt9611uxc_probe+0x540/0x5fc [lontium_lt9611uxc]\n i2c_device_probe+0x148/0x2a8\n really_probe+0xbc/0x2c0\n __driver_probe_device+0x78/0x120\n driver_probe_device+0x3c/0x154\n __driver_attach+0x90/0x1a0\n bus_for_each_dev+0x68/0xb8\n driver_attach+0x24/0x30\n bus_add_driver+0xe4/0x208\n driver_register+0x68/0x124\n i2c_register_driver+0x48/0xcc\n lt9611uxc_driver_init+0x20/0x1000 [lontium_lt9611uxc]\n do_one_initcall+0x60/0x1d4\n do_init_module+0x54/0x1fc\n load_module+0x1748/0x1c8c\n init_module_from_file+0x74/0xa0\n __arm64_sys_finit_module+0x130/0x2f8\n invoke_syscall+0x48/0x104\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x2c/0x80\n el0t_64_sync_handler+0x10c/0x138\n el0t_64_sync+0x198/0x19c\n ---[ end trace 0000000000000000 ]---\n msm_dpu 5e01000.display-controller: [drm:msm_gpu_init [msm]] *ERROR* could not allocate memptrs: -22\n msm_dpu 5e01000.display-controller: failed to load adreno gpu\n platform a400000.remoteproc:glink-edge:apr:service@7:dais: Adding to iommu group 19\n msm_dpu 5e01000.display-controller: failed to bind 5900000.gpu (ops a3xx_ops [msm]): -22\n msm_dpu 5e01000.display-controller: adev bind failed: -22\n lt9611uxc 0-002b: failed to attach dsi to host\n lt9611uxc 0-002b: probe with driver lt9611uxc failed with error -22",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39739",
"url": "https://www.suse.com/security/cve/CVE-2025-39739"
},
{
"category": "external",
"summary": "SUSE Bug 1249542 for CVE-2025-39739",
"url": "https://bugzilla.suse.com/1249542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39739"
},
{
"cve": "CVE-2025-39742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()\n\nThe function divides number of online CPUs by num_core_siblings, and\nlater checks the divider by zero. This implies a possibility to get\nand divide-by-zero runtime error. Fix it by moving the check prior to\ndivision. This also helps to save one indentation level.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39742",
"url": "https://www.suse.com/security/cve/CVE-2025-39742"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1249479 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1249479"
},
{
"category": "external",
"summary": "SUSE Bug 1249480 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1249480"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39742"
},
{
"cve": "CVE-2025-39744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Fix rcu_read_unlock() deadloop due to IRQ work\n\nDuring rcu_read_unlock_special(), if this happens during irq_exit(), we\ncan lockup if an IPI is issued. This is because the IPI itself triggers\nthe irq_exit() path causing a recursive lock up.\n\nThis is precisely what Xiongfeng found when invoking a BPF program on\nthe trace_tick_stop() tracepoint As shown in the trace below. Fix by\nmanaging the irq_work state correctly.\n\nirq_exit()\n __irq_exit_rcu()\n /* in_hardirq() returns false after this */\n preempt_count_sub(HARDIRQ_OFFSET)\n tick_irq_exit()\n tick_nohz_irq_exit()\n\t tick_nohz_stop_sched_tick()\n\t trace_tick_stop() /* a bpf prog is hooked on this trace point */\n\t\t __bpf_trace_tick_stop()\n\t\t bpf_trace_run2()\n\t\t\t rcu_read_unlock_special()\n /* will send a IPI to itself */\n\t\t\t irq_work_queue_on(\u0026rdp-\u003edefer_qs_iw, rdp-\u003ecpu);\n\nA simple reproducer can also be obtained by doing the following in\ntick_irq_exit(). It will hang on boot without the patch:\n\n static inline void tick_irq_exit(void)\n {\n +\trcu_read_lock();\n +\tWRITE_ONCE(current-\u003ercu_read_unlock_special.b.need_qs, true);\n +\trcu_read_unlock();\n +\n\n[neeraj: Apply Frederic\u0027s suggested fix for PREEMPT_RT]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39744",
"url": "https://www.suse.com/security/cve/CVE-2025-39744"
},
{
"category": "external",
"summary": "SUSE Bug 1249494 for CVE-2025-39744",
"url": "https://bugzilla.suse.com/1249494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39744"
},
{
"cve": "CVE-2025-39746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39746"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: shutdown driver when hardware is unreliable\n\nIn rare cases, ath10k may lose connection with the PCIe bus due to\nsome unknown reasons, which could further lead to system crashes during\nresuming due to watchdog timeout:\n\nath10k_pci 0000:01:00.0: wmi command 20486 timeout, restarting hardware\nath10k_pci 0000:01:00.0: already restarting\nath10k_pci 0000:01:00.0: failed to stop WMI vdev 0: -11\nath10k_pci 0000:01:00.0: failed to stop vdev 0: -11\nieee80211 phy0: PM: **** DPM device timeout ****\nCall Trace:\n panic+0x125/0x315\n dpm_watchdog_set+0x54/0x54\n dpm_watchdog_handler+0x57/0x57\n call_timer_fn+0x31/0x13c\n\nAt this point, all WMI commands will timeout and attempt to restart\ndevice. So set a threshold for consecutive restart failures. If the\nthreshold is exceeded, consider the hardware is unreliable and all\nath10k operations should be skipped to avoid system crash.\n\nfail_cont_count and pending_recovery are atomic variables, and\ndo not involve complex conditional logic. Therefore, even if recovery\ncheck and reconfig complete are executed concurrently, the recovery\nmechanism will not be broken.\n\nTested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39746",
"url": "https://www.suse.com/security/cve/CVE-2025-39746"
},
{
"category": "external",
"summary": "SUSE Bug 1249516 for CVE-2025-39746",
"url": "https://bugzilla.suse.com/1249516"
},
{
"category": "external",
"summary": "SUSE Bug 1249517 for CVE-2025-39746",
"url": "https://bugzilla.suse.com/1249517"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39746"
},
{
"cve": "CVE-2025-39747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Add error handling for krealloc in metadata setup\n\nFunction msm_ioctl_gem_info_set_metadata() now checks for krealloc\nfailure and returns -ENOMEM, avoiding potential NULL pointer dereference.\nExplicitly avoids __GFP_NOFAIL due to deadlock risks and allocation constraints.\n\nPatchwork: https://patchwork.freedesktop.org/patch/661235/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39747",
"url": "https://www.suse.com/security/cve/CVE-2025-39747"
},
{
"category": "external",
"summary": "SUSE Bug 1249566 for CVE-2025-39747",
"url": "https://bugzilla.suse.com/1249566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39747"
},
{
"cve": "CVE-2025-39748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39748"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Forget ranges when refining tnum after JSET\n\nSyzbot reported a kernel warning due to a range invariant violation on\nthe following BPF program.\n\n 0: call bpf_get_netns_cookie\n 1: if r0 == 0 goto \u003cexit\u003e\n 2: if r0 \u0026 Oxffffffff goto \u003cexit\u003e\n\nThe issue is on the path where we fall through both jumps.\n\nThat path is unreachable at runtime: after insn 1, we know r0 != 0, but\nwith the sign extension on the jset, we would only fallthrough insn 2\nif r0 == 0. Unfortunately, is_branch_taken() isn\u0027t currently able to\nfigure this out, so the verifier walks all branches. The verifier then\nrefines the register bounds using the second condition and we end\nup with inconsistent bounds on this unreachable path:\n\n 1: if r0 == 0 goto \u003cexit\u003e\n r0: u64=[0x1, 0xffffffffffffffff] var_off=(0, 0xffffffffffffffff)\n 2: if r0 \u0026 0xffffffff goto \u003cexit\u003e\n r0 before reg_bounds_sync: u64=[0x1, 0xffffffffffffffff] var_off=(0, 0)\n r0 after reg_bounds_sync: u64=[0x1, 0] var_off=(0, 0)\n\nImproving the range refinement for JSET to cover all cases is tricky. We\nalso don\u0027t expect many users to rely on JSET given LLVM doesn\u0027t generate\nthose instructions. So instead of improving the range refinement for\nJSETs, Eduard suggested we forget the ranges whenever we\u0027re narrowing\ntnums after a JSET. This patch implements that approach.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39748",
"url": "https://www.suse.com/security/cve/CVE-2025-39748"
},
{
"category": "external",
"summary": "SUSE Bug 1249587 for CVE-2025-39748",
"url": "https://bugzilla.suse.com/1249587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39748"
},
{
"cve": "CVE-2025-39749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Protect -\u003edefer_qs_iw_pending from data race\n\nOn kernels built with CONFIG_IRQ_WORK=y, when rcu_read_unlock() is\ninvoked within an interrupts-disabled region of code [1], it will invoke\nrcu_read_unlock_special(), which uses an irq-work handler to force the\nsystem to notice when the RCU read-side critical section actually ends.\nThat end won\u0027t happen until interrupts are enabled at the soonest.\n\nIn some kernels, such as those booted with rcutree.use_softirq=y, the\nirq-work handler is used unconditionally.\n\nThe per-CPU rcu_data structure\u0027s -\u003edefer_qs_iw_pending field is\nupdated by the irq-work handler and is both read and updated by\nrcu_read_unlock_special(). This resulted in the following KCSAN splat:\n\n------------------------------------------------------------------------\n\nBUG: KCSAN: data-race in rcu_preempt_deferred_qs_handler / rcu_read_unlock_special\n\nread to 0xffff96b95f42d8d8 of 1 bytes by task 90 on cpu 8:\n rcu_read_unlock_special+0x175/0x260\n __rcu_read_unlock+0x92/0xa0\n rt_spin_unlock+0x9b/0xc0\n __local_bh_enable+0x10d/0x170\n __local_bh_enable_ip+0xfb/0x150\n rcu_do_batch+0x595/0xc40\n rcu_cpu_kthread+0x4e9/0x830\n smpboot_thread_fn+0x24d/0x3b0\n kthread+0x3bd/0x410\n ret_from_fork+0x35/0x40\n ret_from_fork_asm+0x1a/0x30\n\nwrite to 0xffff96b95f42d8d8 of 1 bytes by task 88 on cpu 8:\n rcu_preempt_deferred_qs_handler+0x1e/0x30\n irq_work_single+0xaf/0x160\n run_irq_workd+0x91/0xc0\n smpboot_thread_fn+0x24d/0x3b0\n kthread+0x3bd/0x410\n ret_from_fork+0x35/0x40\n ret_from_fork_asm+0x1a/0x30\n\nno locks held by irq_work/8/88.\nirq event stamp: 200272\nhardirqs last enabled at (200272): [\u003cffffffffb0f56121\u003e] finish_task_switch+0x131/0x320\nhardirqs last disabled at (200271): [\u003cffffffffb25c7859\u003e] __schedule+0x129/0xd70\nsoftirqs last enabled at (0): [\u003cffffffffb0ee093f\u003e] copy_process+0x4df/0x1cc0\nsoftirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n\n------------------------------------------------------------------------\n\nThe problem is that irq-work handlers run with interrupts enabled, which\nmeans that rcu_preempt_deferred_qs_handler() could be interrupted,\nand that interrupt handler might contain an RCU read-side critical\nsection, which might invoke rcu_read_unlock_special(). In the strict\nKCSAN mode of operation used by RCU, this constitutes a data race on\nthe -\u003edefer_qs_iw_pending field.\n\nThis commit therefore disables interrupts across the portion of the\nrcu_preempt_deferred_qs_handler() that updates the -\u003edefer_qs_iw_pending\nfield. This suffices because this handler is not a fast path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39749",
"url": "https://www.suse.com/security/cve/CVE-2025-39749"
},
{
"category": "external",
"summary": "SUSE Bug 1249533 for CVE-2025-39749",
"url": "https://bugzilla.suse.com/1249533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39749"
},
{
"cve": "CVE-2025-39750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Correct tid cleanup when tid setup fails\n\nCurrently, if any error occurs during ath12k_dp_rx_peer_tid_setup(),\nthe tid value is already incremented, even though the corresponding\nTID is not actually allocated. Proceed to\nath12k_dp_rx_peer_tid_delete() starting from unallocated tid,\nwhich might leads to freeing unallocated TID and cause potential\ncrash or out-of-bounds access.\n\nHence, fix by correctly decrementing tid before cleanup to match only\nthe successfully allocated TIDs.\n\nAlso, remove tid-- from failure case of ath12k_dp_rx_peer_frag_setup(),\nas decrementing the tid before cleanup in loop will take care of this.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39750",
"url": "https://www.suse.com/security/cve/CVE-2025-39750"
},
{
"category": "external",
"summary": "SUSE Bug 1249523 for CVE-2025-39750",
"url": "https://bugzilla.suse.com/1249523"
},
{
"category": "external",
"summary": "SUSE Bug 1252715 for CVE-2025-39750",
"url": "https://bugzilla.suse.com/1252715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39750"
},
{
"cve": "CVE-2025-39751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39751"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39751",
"url": "https://www.suse.com/security/cve/CVE-2025-39751"
},
{
"category": "external",
"summary": "SUSE Bug 1249538 for CVE-2025-39751",
"url": "https://bugzilla.suse.com/1249538"
},
{
"category": "external",
"summary": "SUSE Bug 1249539 for CVE-2025-39751",
"url": "https://bugzilla.suse.com/1249539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39751"
},
{
"cve": "CVE-2025-39754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/smaps: fix race between smaps_hugetlb_range and migration\n\nsmaps_hugetlb_range() handles the pte without holdling ptl, and may be\nconcurrenct with migration, leaing to BUG_ON in pfn_swap_entry_to_page(). \nThe race is as follows.\n\nsmaps_hugetlb_range migrate_pages\n huge_ptep_get\n remove_migration_ptes\n\t\t\t\t folio_unlock\n pfn_swap_entry_folio\n BUG_ON\n\nTo fix it, hold ptl lock in smaps_hugetlb_range().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39754",
"url": "https://www.suse.com/security/cve/CVE-2025-39754"
},
{
"category": "external",
"summary": "SUSE Bug 1249524 for CVE-2025-39754",
"url": "https://bugzilla.suse.com/1249524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39754"
},
{
"cve": "CVE-2025-39757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39757"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 cluster segment descriptors\n\nUAC3 class segment descriptors need to be verified whether their sizes\nmatch with the declared lengths and whether they fit with the\nallocated buffer sizes, too. Otherwise malicious firmware may lead to\nthe unexpected OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39757",
"url": "https://www.suse.com/security/cve/CVE-2025-39757"
},
{
"category": "external",
"summary": "SUSE Bug 1249515 for CVE-2025-39757",
"url": "https://bugzilla.suse.com/1249515"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39757"
},
{
"cve": "CVE-2025-39758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages\n\nEver since commit c2ff29e99a76 (\"siw: Inline do_tcp_sendpages()\"),\nwe have been doing this:\n\nstatic int siw_tcp_sendpages(struct socket *s, struct page **page, int offset,\n size_t size)\n[...]\n /* Calculate the number of bytes we need to push, for this page\n * specifically */\n size_t bytes = min_t(size_t, PAGE_SIZE - offset, size);\n /* If we can\u0027t splice it, then copy it in, as normal */\n if (!sendpage_ok(page[i]))\n msg.msg_flags \u0026= ~MSG_SPLICE_PAGES;\n /* Set the bvec pointing to the page, with len $bytes */\n bvec_set_page(\u0026bvec, page[i], bytes, offset);\n /* Set the iter to $size, aka the size of the whole sendpages (!!!) */\n iov_iter_bvec(\u0026msg.msg_iter, ITER_SOURCE, \u0026bvec, 1, size);\ntry_page_again:\n lock_sock(sk);\n /* Sendmsg with $size size (!!!) */\n rv = tcp_sendmsg_locked(sk, \u0026msg, size);\n\nThis means we\u0027ve been sending oversized iov_iters and tcp_sendmsg calls\nfor a while. This has a been a benign bug because sendpage_ok() always\nreturned true. With the recent slab allocator changes being slowly\nintroduced into next (that disallow sendpage on large kmalloc\nallocations), we have recently hit out-of-bounds crashes, due to slight\ndifferences in iov_iter behavior between the MSG_SPLICE_PAGES and\n\"regular\" copy paths:\n\n(MSG_SPLICE_PAGES)\nskb_splice_from_iter\n iov_iter_extract_pages\n iov_iter_extract_bvec_pages\n uses i-\u003enr_segs to correctly stop in its tracks before OoB\u0027ing everywhere\n skb_splice_from_iter gets a \"short\" read\n\n(!MSG_SPLICE_PAGES)\nskb_copy_to_page_nocache copy=iov_iter_count\n [...]\n copy_from_iter\n /* this doesn\u0027t help */\n if (unlikely(iter-\u003ecount \u003c len))\n len = iter-\u003ecount;\n iterate_bvec\n ... and we run off the bvecs\n\nFix this by properly setting the iov_iter\u0027s byte count, plus sending the\ncorrect byte count to tcp_sendmsg_locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39758",
"url": "https://www.suse.com/security/cve/CVE-2025-39758"
},
{
"category": "external",
"summary": "SUSE Bug 1249490 for CVE-2025-39758",
"url": "https://bugzilla.suse.com/1249490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39758"
},
{
"cve": "CVE-2025-39759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix race between quota disable and quota rescan ioctl\n\nThere\u0027s a race between a task disabling quotas and another running the\nrescan ioctl that can result in a use-after-free of qgroup records from\nthe fs_info-\u003eqgroup_tree rbtree.\n\nThis happens as follows:\n\n1) Task A enters btrfs_ioctl_quota_rescan() -\u003e btrfs_qgroup_rescan();\n\n2) Task B enters btrfs_quota_disable() and calls\n btrfs_qgroup_wait_for_completion(), which does nothing because at that\n point fs_info-\u003eqgroup_rescan_running is false (it wasn\u0027t set yet by\n task A);\n\n3) Task B calls btrfs_free_qgroup_config() which starts freeing qgroups\n from fs_info-\u003eqgroup_tree without taking the lock fs_info-\u003eqgroup_lock;\n\n4) Task A enters qgroup_rescan_zero_tracking() which starts iterating\n the fs_info-\u003eqgroup_tree tree while holding fs_info-\u003eqgroup_lock,\n but task B is freeing qgroup records from that tree without holding\n the lock, resulting in a use-after-free.\n\nFix this by taking fs_info-\u003eqgroup_lock at btrfs_free_qgroup_config().\nAlso at btrfs_qgroup_rescan() don\u0027t start the rescan worker if quotas\nwere already disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39759",
"url": "https://www.suse.com/security/cve/CVE-2025-39759"
},
{
"category": "external",
"summary": "SUSE Bug 1249522 for CVE-2025-39759",
"url": "https://bugzilla.suse.com/1249522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39759"
},
{
"cve": "CVE-2025-39760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: core: config: Prevent OOB read in SS endpoint companion parsing\n\nusb_parse_ss_endpoint_companion() checks descriptor type before length,\nenabling a potentially odd read outside of the buffer size.\n\nFix this up by checking the size first before looking at any of the\nfields in the descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39760",
"url": "https://www.suse.com/security/cve/CVE-2025-39760"
},
{
"category": "external",
"summary": "SUSE Bug 1249598 for CVE-2025-39760",
"url": "https://bugzilla.suse.com/1249598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39760"
},
{
"cve": "CVE-2025-39761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Decrement TID on RX peer frag setup error handling\n\nCurrently, TID is not decremented before peer cleanup, during error\nhandling path of ath12k_dp_rx_peer_frag_setup(). This could lead to\nout-of-bounds access in peer-\u003erx_tid[].\n\nHence, add a decrement operation for TID, before peer cleanup to\nensures proper cleanup and prevents out-of-bounds access issues when\nthe RX peer frag setup fails.\n\nFound during code review. Compile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39761",
"url": "https://www.suse.com/security/cve/CVE-2025-39761"
},
{
"category": "external",
"summary": "SUSE Bug 1249554 for CVE-2025-39761",
"url": "https://bugzilla.suse.com/1249554"
},
{
"category": "external",
"summary": "SUSE Bug 1249555 for CVE-2025-39761",
"url": "https://bugzilla.suse.com/1249555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39761"
},
{
"cve": "CVE-2025-39763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered\n\nIf a synchronous error is detected as a result of user-space process\ntriggering a 2-bit uncorrected error, the CPU will take a synchronous\nerror exception such as Synchronous External Abort (SEA) on Arm64. The\nkernel will queue a memory_failure() work which poisons the related\npage, unmaps the page, and then sends a SIGBUS to the process, so that\na system wide panic can be avoided.\n\nHowever, no memory_failure() work will be queued when abnormal\nsynchronous errors occur. These errors can include situations like\ninvalid PA, unexpected severity, no memory failure config support,\ninvalid GUID section, etc. In such a case, the user-space process will\ntrigger SEA again. This loop can potentially exceed the platform\nfirmware threshold or even trigger a kernel hard lockup, leading to a\nsystem reboot.\n\nFix it by performing a force kill if no memory_failure() work is queued\nfor synchronous errors.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39763",
"url": "https://www.suse.com/security/cve/CVE-2025-39763"
},
{
"category": "external",
"summary": "SUSE Bug 1249615 for CVE-2025-39763",
"url": "https://bugzilla.suse.com/1249615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39763"
},
{
"cve": "CVE-2025-39764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: remove refcounting in expectation dumpers\n\nSame pattern as previous patch: do not keep the expectation object\nalive via refcount, only store a cookie value and then use that\nas the skip hint for dump resumption.\n\nAFAICS this has the same issue as the one resolved in the conntrack\ndumper, when we do\n if (!refcount_inc_not_zero(\u0026exp-\u003euse))\n\nto increment the refcount, there is a chance that exp == last, which\ncauses a double-increment of the refcount and subsequent memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39764",
"url": "https://www.suse.com/security/cve/CVE-2025-39764"
},
{
"category": "external",
"summary": "SUSE Bug 1249513 for CVE-2025-39764",
"url": "https://bugzilla.suse.com/1249513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39764"
},
{
"cve": "CVE-2025-39765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: fix ida_free call while not allocated\n\nIn the snd_utimer_create() function, if the kasprintf() function return\nNULL, snd_utimer_put_id() will be called, finally use ida_free()\nto free the unallocated id 0.\n\nthe syzkaller reported the following information:\n ------------[ cut here ]------------\n ida_free called for id=0 which is not allocated.\n WARNING: CPU: 1 PID: 1286 at lib/idr.c:592 ida_free+0x1fd/0x2f0 lib/idr.c:592\n Modules linked in:\n CPU: 1 UID: 0 PID: 1286 Comm: syz-executor164 Not tainted 6.15.8 #3 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\n RIP: 0010:ida_free+0x1fd/0x2f0 lib/idr.c:592\n Code: f8 fc 41 83 fc 3e 76 69 e8 70 b2 f8 (...)\n RSP: 0018:ffffc900007f79c8 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: 1ffff920000fef3b RCX: ffffffff872176a5\n RDX: ffff88800369d200 RSI: 0000000000000000 RDI: ffff88800369d200\n RBP: 0000000000000000 R08: ffffffff87ba60a5 R09: 0000000000000000\n R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\n R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000\n FS: 00007f6f1abc1740(0000) GS:ffff8880d76a0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6f1ad7a784 CR3: 000000007a6e2000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n snd_utimer_put_id sound/core/timer.c:2043 [inline] [snd_timer]\n snd_utimer_create+0x59b/0x6a0 sound/core/timer.c:2184 [snd_timer]\n snd_utimer_ioctl_create sound/core/timer.c:2202 [inline] [snd_timer]\n __snd_timer_user_ioctl.isra.0+0x724/0x1340 sound/core/timer.c:2287 [snd_timer]\n snd_timer_user_ioctl+0x75/0xc0 sound/core/timer.c:2298 [snd_timer]\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x198/0x200 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x7b/0x160 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nThe utimer-\u003eid should be set properly before the kasprintf() function,\nensures the snd_utimer_put_id() function will free the allocated id.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39765",
"url": "https://www.suse.com/security/cve/CVE-2025-39765"
},
{
"category": "external",
"summary": "SUSE Bug 1249509 for CVE-2025-39765",
"url": "https://bugzilla.suse.com/1249509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39765"
},
{
"cve": "CVE-2025-39766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit\n\nThe following setup can trigger a WARNING in htb_activate due to\nthe condition: !cl-\u003eleaf.q-\u003eq.qlen\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 \\\n htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle f: \\\n cake memlimit 1b\nping -I lo -f -c1 -s64 -W0.001 127.0.0.1\n\nThis is because the low memlimit leads to a low buffer_limit, which\ncauses packet dropping. However, cake_enqueue still returns\nNET_XMIT_SUCCESS, causing htb_enqueue to call htb_activate with an\nempty child qdisc. We should return NET_XMIT_CN when packets are\ndropped from the same tin and flow.\n\nI do not believe return value of NET_XMIT_CN is necessary for packet\ndrops in the case of ack filtering, as that is meant to optimize\nperformance, not to signal congestion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39766",
"url": "https://www.suse.com/security/cve/CVE-2025-39766"
},
{
"category": "external",
"summary": "SUSE Bug 1249510 for CVE-2025-39766",
"url": "https://bugzilla.suse.com/1249510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39766"
},
{
"cve": "CVE-2025-39770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM\n\nWhen performing Generic Segmentation Offload (GSO) on an IPv6 packet that\ncontains extension headers, the kernel incorrectly requests checksum offload\nif the egress device only advertises NETIF_F_IPV6_CSUM feature, which has\na strict contract: it supports checksum offload only for plain TCP or UDP\nover IPv6 and explicitly does not support packets with extension headers.\nThe current GSO logic violates this contract by failing to disable the feature\nfor packets with extension headers, such as those used in GREoIPv6 tunnels.\n\nThis violation results in the device being asked to perform an operation\nit cannot support, leading to a `skb_warn_bad_offload` warning and a collapse\nof network throughput. While device TSO/USO is correctly bypassed in favor\nof software GSO for these packets, the GSO stack must be explicitly told not\nto request checksum offload.\n\nMask NETIF_F_IPV6_CSUM, NETIF_F_TSO6 and NETIF_F_GSO_UDP_L4\nin gso_features_check if the IPv6 header contains extension headers to compute\nchecksum in software.\n\nThe exception is a BIG TCP extension, which, as stated in commit\n68e068cabd2c6c53 (\"net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets\"):\n\"The feature is only enabled on devices that support BIG TCP TSO.\nThe header is only present for PF_PACKET taps like tcpdump,\nand not transmitted by physical devices.\"\n\nkernel log output (truncated):\nWARNING: CPU: 1 PID: 5273 at net/core/dev.c:3535 skb_warn_bad_offload+0x81/0x140\n...\nCall Trace:\n \u003cTASK\u003e\n skb_checksum_help+0x12a/0x1f0\n validate_xmit_skb+0x1a3/0x2d0\n validate_xmit_skb_list+0x4f/0x80\n sch_direct_xmit+0x1a2/0x380\n __dev_xmit_skb+0x242/0x670\n __dev_queue_xmit+0x3fc/0x7f0\n ip6_finish_output2+0x25e/0x5d0\n ip6_finish_output+0x1fc/0x3f0\n ip6_tnl_xmit+0x608/0xc00 [ip6_tunnel]\n ip6gre_tunnel_xmit+0x1c0/0x390 [ip6_gre]\n dev_hard_start_xmit+0x63/0x1c0\n __dev_queue_xmit+0x6d0/0x7f0\n ip6_finish_output2+0x214/0x5d0\n ip6_finish_output+0x1fc/0x3f0\n ip6_xmit+0x2ca/0x6f0\n ip6_finish_output+0x1fc/0x3f0\n ip6_xmit+0x2ca/0x6f0\n inet6_csk_xmit+0xeb/0x150\n __tcp_transmit_skb+0x555/0xa80\n tcp_write_xmit+0x32a/0xe90\n tcp_sendmsg_locked+0x437/0x1110\n tcp_sendmsg+0x2f/0x50\n...\nskb linear: 00000000: e4 3d 1a 7d ec 30 e4 3d 1a 7e 5d 90 86 dd 60 0e\nskb linear: 00000010: 00 0a 1b 34 3c 40 20 11 00 00 00 00 00 00 00 00\nskb linear: 00000020: 00 00 00 00 00 12 20 11 00 00 00 00 00 00 00 00\nskb linear: 00000030: 00 00 00 00 00 11 2f 00 04 01 04 01 01 00 00 00\nskb linear: 00000040: 86 dd 60 0e 00 0a 1b 00 06 40 20 23 00 00 00 00\nskb linear: 00000050: 00 00 00 00 00 00 00 00 00 12 20 23 00 00 00 00\nskb linear: 00000060: 00 00 00 00 00 00 00 00 00 11 bf 96 14 51 13 f9\nskb linear: 00000070: ae 27 a0 a8 2b e3 80 18 00 40 5b 6f 00 00 01 01\nskb linear: 00000080: 08 0a 42 d4 50 d5 4b 70 f8 1a",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39770",
"url": "https://www.suse.com/security/cve/CVE-2025-39770"
},
{
"category": "external",
"summary": "SUSE Bug 1249508 for CVE-2025-39770",
"url": "https://bugzilla.suse.com/1249508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39770"
},
{
"cve": "CVE-2025-39772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hisilicon/hibmc: fix the hibmc loaded failed bug\n\nWhen hibmc loaded failed, the driver use hibmc_unload to free the\nresource, but the mutexes in mode.config are not init, which will\naccess an NULL pointer. Just change goto statement to return, because\nhibnc_hw_init() doesn\u0027t need to free anything.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39772",
"url": "https://www.suse.com/security/cve/CVE-2025-39772"
},
{
"category": "external",
"summary": "SUSE Bug 1249506 for CVE-2025-39772",
"url": "https://bugzilla.suse.com/1249506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39772"
},
{
"cve": "CVE-2025-39773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix soft lockup in br_multicast_query_expired()\n\nWhen set multicast_query_interval to a large value, the local variable\n\u0027time\u0027 in br_multicast_send_query() may overflow. If the time is smaller\nthan jiffies, the timer will expire immediately, and then call mod_timer()\nagain, which creates a loop and may trigger the following soft lockup\nissue.\n\n watchdog: BUG: soft lockup - CPU#1 stuck for 221s! [rb_consumer:66]\n CPU: 1 UID: 0 PID: 66 Comm: rb_consumer Not tainted 6.16.0+ #259 PREEMPT(none)\n Call Trace:\n \u003cIRQ\u003e\n __netdev_alloc_skb+0x2e/0x3a0\n br_ip6_multicast_alloc_query+0x212/0x1b70\n __br_multicast_send_query+0x376/0xac0\n br_multicast_send_query+0x299/0x510\n br_multicast_query_expired.constprop.0+0x16d/0x1b0\n call_timer_fn+0x3b/0x2a0\n __run_timers+0x619/0x950\n run_timer_softirq+0x11c/0x220\n handle_softirqs+0x18e/0x560\n __irq_exit_rcu+0x158/0x1a0\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n\nThis issue can be reproduced with:\n ip link add br0 type bridge\n echo 1 \u003e /sys/class/net/br0/bridge/multicast_querier\n echo 0xffffffffffffffff \u003e\n \t/sys/class/net/br0/bridge/multicast_query_interval\n ip link set dev br0 up\n\nThe multicast_startup_query_interval can also cause this issue. Similar to\nthe commit 99b40610956a (\"net: bridge: mcast: add and enforce query\ninterval minimum\"), add check for the query interval maximum to fix this\nissue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39773",
"url": "https://www.suse.com/security/cve/CVE-2025-39773"
},
{
"category": "external",
"summary": "SUSE Bug 1249504 for CVE-2025-39773",
"url": "https://bugzilla.suse.com/1249504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39773"
},
{
"cve": "CVE-2025-39775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mremap: fix WARN with uffd that has remap events disabled\n\nRegistering userfaultd on a VMA that spans at least one PMD and then\nmremap()\u0027ing that VMA can trigger a WARN when recovering from a failed\npage table move due to a page table allocation error.\n\nThe code ends up doing the right thing (recurse, avoiding moving actual\npage tables), but triggering that WARN is unpleasant:\n\nWARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_normal_pmd mm/mremap.c:357 [inline]\nWARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_pgt_entry mm/mremap.c:595 [inline]\nWARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_page_tables+0x3832/0x44a0 mm/mremap.c:852\nModules linked in:\nCPU: 2 UID: 0 PID: 6133 Comm: syz.0.19 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:move_normal_pmd mm/mremap.c:357 [inline]\nRIP: 0010:move_pgt_entry mm/mremap.c:595 [inline]\nRIP: 0010:move_page_tables+0x3832/0x44a0 mm/mremap.c:852\nCode: ...\nRSP: 0018:ffffc900037a76d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000032930007 RCX: ffffffff820c6645\nRDX: ffff88802e56a440 RSI: ffffffff820c7201 RDI: 0000000000000007\nRBP: ffff888037728fc0 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000032930007 R11: 0000000000000000 R12: 0000000000000000\nR13: ffffc900037a79a8 R14: 0000000000000001 R15: dffffc0000000000\nFS: 000055556316a500(0000) GS:ffff8880d68bc000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b30863fff CR3: 0000000050171000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n copy_vma_and_data+0x468/0x790 mm/mremap.c:1215\n move_vma+0x548/0x1780 mm/mremap.c:1282\n mremap_to+0x1b7/0x450 mm/mremap.c:1406\n do_mremap+0xfad/0x1f80 mm/mremap.c:1921\n __do_sys_mremap+0x119/0x170 mm/mremap.c:1977\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f00d0b8ebe9\nCode: ...\nRSP: 002b:00007ffe5ea5ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000019\nRAX: ffffffffffffffda RBX: 00007f00d0db5fa0 RCX: 00007f00d0b8ebe9\nRDX: 0000000000400000 RSI: 0000000000c00000 RDI: 0000200000000000\nRBP: 00007ffe5ea5eef0 R08: 0000200000c00000 R09: 0000000000000000\nR10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002\nR13: 00007f00d0db5fa0 R14: 00007f00d0db5fa0 R15: 0000000000000005\n \u003c/TASK\u003e\n\nThe underlying issue is that we recurse during the original page table\nmove, but not during the recovery move.\n\nFix it by checking for both VMAs and performing the check before the\npmd_none() sanity check.\n\nAdd a new helper where we perform+document that check for the PMD and PUD\nlevel.\n\nThanks to Harry for bisecting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39775",
"url": "https://www.suse.com/security/cve/CVE-2025-39775"
},
{
"category": "external",
"summary": "SUSE Bug 1249500 for CVE-2025-39775",
"url": "https://bugzilla.suse.com/1249500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39775"
},
{
"cve": "CVE-2025-39782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: prevent softlockup in jbd2_log_do_checkpoint()\n\nBoth jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list()\nperiodically release j_list_lock after processing a batch of buffers to\navoid long hold times on the j_list_lock. However, since both functions\ncontend for j_list_lock, the combined time spent waiting and processing\ncan be significant.\n\njbd2_journal_shrink_checkpoint_list() explicitly calls cond_resched() when\nneed_resched() is true to avoid softlockups during prolonged operations.\nBut jbd2_log_do_checkpoint() only exits its loop when need_resched() is\ntrue, relying on potentially sleeping functions like __flush_batch() or\nwait_on_buffer() to trigger rescheduling. If those functions do not sleep,\nthe kernel may hit a softlockup.\n\nwatchdog: BUG: soft lockup - CPU#3 stuck for 156s! [kworker/u129:2:373]\nCPU: 3 PID: 373 Comm: kworker/u129:2 Kdump: loaded Not tainted 6.6.0+ #10\nHardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.27 06/13/2017\nWorkqueue: writeback wb_workfn (flush-7:2)\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : native_queued_spin_lock_slowpath+0x358/0x418\nlr : jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]\nCall trace:\n native_queued_spin_lock_slowpath+0x358/0x418\n jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]\n __jbd2_log_wait_for_space+0xfc/0x2f8 [jbd2]\n add_transaction_credits+0x3bc/0x418 [jbd2]\n start_this_handle+0xf8/0x560 [jbd2]\n jbd2__journal_start+0x118/0x228 [jbd2]\n __ext4_journal_start_sb+0x110/0x188 [ext4]\n ext4_do_writepages+0x3dc/0x740 [ext4]\n ext4_writepages+0xa4/0x190 [ext4]\n do_writepages+0x94/0x228\n __writeback_single_inode+0x48/0x318\n writeback_sb_inodes+0x204/0x590\n __writeback_inodes_wb+0x54/0xf8\n wb_writeback+0x2cc/0x3d8\n wb_do_writeback+0x2e0/0x2f8\n wb_workfn+0x80/0x2a8\n process_one_work+0x178/0x3e8\n worker_thread+0x234/0x3b8\n kthread+0xf0/0x108\n ret_from_fork+0x10/0x20\n\nSo explicitly call cond_resched() in jbd2_log_do_checkpoint() to avoid\nsoftlockup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39782",
"url": "https://www.suse.com/security/cve/CVE-2025-39782"
},
{
"category": "external",
"summary": "SUSE Bug 1249526 for CVE-2025-39782",
"url": "https://bugzilla.suse.com/1249526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39782"
},
{
"cve": "CVE-2025-39783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39783"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix configfs group list head handling\n\nDoing a list_del() on the epf_group field of struct pci_epf_driver in\npci_epf_remove_cfs() is not correct as this field is a list head, not\na list entry. This list_del() call triggers a KASAN warning when an\nendpoint function driver which has a configfs attribute group is torn\ndown:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198\nWrite of size 8 at addr ffff00010f4a0d80 by task rmmod/319\n\nCPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE\nHardware name: Radxa ROCK 5B (DT)\nCall trace:\nshow_stack+0x2c/0x84 (C)\ndump_stack_lvl+0x70/0x98\nprint_report+0x17c/0x538\nkasan_report+0xb8/0x190\n__asan_report_store8_noabort+0x20/0x2c\npci_epf_remove_cfs+0x17c/0x198\npci_epf_unregister_driver+0x18/0x30\nnvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf]\n__arm64_sys_delete_module+0x264/0x424\ninvoke_syscall+0x70/0x260\nel0_svc_common.constprop.0+0xac/0x230\ndo_el0_svc+0x40/0x58\nel0_svc+0x48/0xdc\nel0t_64_sync_handler+0x10c/0x138\nel0t_64_sync+0x198/0x19c\n...\n\nRemove this incorrect list_del() call from pci_epf_remove_cfs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39783",
"url": "https://www.suse.com/security/cve/CVE-2025-39783"
},
{
"category": "external",
"summary": "SUSE Bug 1249486 for CVE-2025-39783",
"url": "https://bugzilla.suse.com/1249486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39783"
},
{
"cve": "CVE-2025-39787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: mdt_loader: Ensure we don\u0027t read past the ELF header\n\nWhen the MDT loader is used in remoteproc, the ELF header is sanitized\nbeforehand, but that\u0027s not necessary the case for other clients.\n\nValidate the size of the firmware buffer to ensure that we don\u0027t read\npast the end as we iterate over the header. e_phentsize and e_shentsize\nare validated as well, to ensure that the assumptions about step size in\nthe traversal are valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39787",
"url": "https://www.suse.com/security/cve/CVE-2025-39787"
},
{
"category": "external",
"summary": "SUSE Bug 1249545 for CVE-2025-39787",
"url": "https://bugzilla.suse.com/1249545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39787"
},
{
"cve": "CVE-2025-39788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE\n\nOn Google gs101, the number of UTP transfer request slots (nutrs) is 32,\nand in this case the driver ends up programming the UTRL_NEXUS_TYPE\nincorrectly as 0.\n\nThis is because the left hand side of the shift is 1, which is of type\nint, i.e. 31 bits wide. Shifting by more than that width results in\nundefined behaviour.\n\nFix this by switching to the BIT() macro, which applies correct type\ncasting as required. This ensures the correct value is written to\nUTRL_NEXUS_TYPE (0xffffffff on gs101), and it also fixes a UBSAN shift\nwarning:\n\n UBSAN: shift-out-of-bounds in drivers/ufs/host/ufs-exynos.c:1113:21\n shift exponent 32 is too large for 32-bit type \u0027int\u0027\n\nFor consistency, apply the same change to the nutmrs / UTMRL_NEXUS_TYPE\nwrite.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39788",
"url": "https://www.suse.com/security/cve/CVE-2025-39788"
},
{
"category": "external",
"summary": "SUSE Bug 1249547 for CVE-2025-39788",
"url": "https://bugzilla.suse.com/1249547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39788"
},
{
"cve": "CVE-2025-39790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Detect events pointing to unexpected TREs\n\nWhen a remote device sends a completion event to the host, it contains a\npointer to the consumed TRE. The host uses this pointer to process all of\nthe TREs between it and the host\u0027s local copy of the ring\u0027s read pointer.\nThis works when processing completion for chained transactions, but can\nlead to nasty results if the device sends an event for a single-element\ntransaction with a read pointer that is multiple elements ahead of the\nhost\u0027s read pointer.\n\nFor instance, if the host accesses an event ring while the device is\nupdating it, the pointer inside of the event might still point to an old\nTRE. If the host uses the channel\u0027s xfer_cb() to directly free the buffer\npointed to by the TRE, the buffer will be double-freed.\n\nThis behavior was observed on an ep that used upstream EP stack without\n\u0027commit 6f18d174b73d (\"bus: mhi: ep: Update read pointer only after buffer\nis written\")\u0027. Where the device updated the events ring pointer before\nupdating the event contents, so it left a window where the host was able to\naccess the stale data the event pointed to, before the device had the\nchance to update them. The usual pattern was that the host received an\nevent pointing to a TRE that is not immediately after the last processed\none, so it got treated as if it was a chained transaction, processing all\nof the TREs in between the two read pointers.\n\nThis commit aims to harden the host by ensuring transactions where the\nevent points to a TRE that isn\u0027t local_rp + 1 are chained.\n\n[mani: added stable tag and reworded commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39790",
"url": "https://www.suse.com/security/cve/CVE-2025-39790"
},
{
"category": "external",
"summary": "SUSE Bug 1249548 for CVE-2025-39790",
"url": "https://bugzilla.suse.com/1249548"
},
{
"category": "external",
"summary": "SUSE Bug 1249549 for CVE-2025-39790",
"url": "https://bugzilla.suse.com/1249549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39790"
},
{
"cve": "CVE-2025-39791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: dm-crypt: Do not partially accept write BIOs with zoned targets\n\nRead and write operations issued to a dm-crypt target may be split\naccording to the dm-crypt internal limits defined by the max_read_size\nand max_write_size module parameters (default is 128 KB). The intent is\nto improve processing time of large BIOs by splitting them into smaller\noperations that can be parallelized on different CPUs.\n\nFor zoned dm-crypt targets, this BIO splitting is still done but without\nthe parallel execution to ensure that the issuing order of write\noperations to the underlying devices remains sequential. However, the\nsplitting itself causes other problems:\n\n1) Since dm-crypt relies on the block layer zone write plugging to\n handle zone append emulation using regular write operations, the\n reminder of a split write BIO will always be plugged into the target\n zone write plugged. Once the on-going write BIO finishes, this\n reminder BIO is unplugged and issued from the zone write plug work.\n If this reminder BIO itself needs to be split, the reminder will be\n re-issued and plugged again, but that causes a call to a\n blk_queue_enter(), which may block if a queue freeze operation was\n initiated. This results in a deadlock as DM submission still holds\n BIOs that the queue freeze side is waiting for.\n\n2) dm-crypt relies on the emulation done by the block layer using\n regular write operations for processing zone append operations. This\n still requires to properly return the written sector as the BIO\n sector of the original BIO. However, this can be done correctly only\n and only if there is a single clone BIO used for processing the\n original zone append operation issued by the user. If the size of a\n zone append operation is larger than dm-crypt max_write_size, then\n the orginal BIO will be split and processed as a chain of regular\n write operations. Such chaining result in an incorrect written sector\n being returned to the zone append issuer using the original BIO\n sector. This in turn results in file system data corruptions using\n xfs or btrfs.\n\nFix this by modifying get_max_request_size() to always return the size\nof the BIO to avoid it being split with dm_accpet_partial_bio() in\ncrypt_map(). get_max_request_size() is renamed to\nget_max_request_sectors() to clarify the unit of the value returned\nand its interface is changed to take a struct dm_target pointer and a\npointer to the struct bio being processed. In addition to this change,\nto ensure that crypt_alloc_buffer() works correctly, set the dm-crypt\ndevice max_hw_sectors limit to be at most\nBIO_MAX_VECS \u003c\u003c PAGE_SECTORS_SHIFT (1 MB with a 4KB page architecture).\nThis forces DM core to split write BIOs before passing them to\ncrypt_map(), and thus guaranteeing that dm-crypt can always accept an\nentire write BIO without needing to split it.\n\nThis change does not have any effect on the read path of dm-crypt. Read\noperations can still be split and the BIO fragments processed in\nparallel. There is also no impact on the performance of the write path\ngiven that all zone write BIOs were already processed inline instead of\nin parallel.\n\nThis change also does not affect in any way regular dm-crypt block\ndevices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39791",
"url": "https://www.suse.com/security/cve/CVE-2025-39791"
},
{
"category": "external",
"summary": "SUSE Bug 1249550 for CVE-2025-39791",
"url": "https://bugzilla.suse.com/1249550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39791"
},
{
"cve": "CVE-2025-39792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: Always split write BIOs to zoned device limits\n\nAny zoned DM target that requires zone append emulation will use the\nblock layer zone write plugging. In such case, DM target drivers must\nnot split BIOs using dm_accept_partial_bio() as doing so can potentially\nlead to deadlocks with queue freeze operations. Regular write operations\nused to emulate zone append operations also cannot be split by the\ntarget driver as that would result in an invalid writen sector value\nreturn using the BIO sector.\n\nIn order for zoned DM target drivers to avoid such incorrect BIO\nsplitting, we must ensure that large BIOs are split before being passed\nto the map() function of the target, thus guaranteeing that the\nlimits for the mapped device are not exceeded.\n\ndm-crypt and dm-flakey are the only target drivers supporting zoned\ndevices and using dm_accept_partial_bio().\n\nIn the case of dm-crypt, this function is used to split BIOs to the\ninternal max_write_size limit (which will be suppressed in a different\npatch). However, since crypt_alloc_buffer() uses a bioset allowing only\nup to BIO_MAX_VECS (256) vectors in a BIO. The dm-crypt device\nmax_segments limit, which is not set and so default to BLK_MAX_SEGMENTS\n(128), must thus be respected and write BIOs split accordingly.\n\nIn the case of dm-flakey, since zone append emulation is not required,\nthe block layer zone write plugging is not used and no splitting of BIOs\nrequired.\n\nModify the function dm_zone_bio_needs_split() to use the block layer\nhelper function bio_needs_zone_write_plugging() to force a call to\nbio_split_to_limits() in dm_split_and_process_bio(). This allows DM\ntarget drivers to avoid using dm_accept_partial_bio() for write\noperations on zoned DM devices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39792",
"url": "https://www.suse.com/security/cve/CVE-2025-39792"
},
{
"category": "external",
"summary": "SUSE Bug 1249618 for CVE-2025-39792",
"url": "https://bugzilla.suse.com/1249618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39792"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix the setting of capabilities when automounting a new filesystem\n\nCapabilities cannot be inherited when we cross into a new filesystem.\nThey need to be reset to the minimal defaults, and then probed for\nagain.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39798",
"url": "https://www.suse.com/security/cve/CVE-2025-39798"
},
{
"category": "external",
"summary": "SUSE Bug 1249774 for CVE-2025-39798",
"url": "https://bugzilla.suse.com/1249774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39798"
},
{
"cve": "CVE-2025-39800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: abort transaction on unexpected eb generation at btrfs_copy_root()\n\nIf we find an unexpected generation for the extent buffer we are cloning\nat btrfs_copy_root(), we just WARN_ON() and don\u0027t error out and abort the\ntransaction, meaning we allow to persist metadata with an unexpected\ngeneration. Instead of warning only, abort the transaction and return\n-EUCLEAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39800",
"url": "https://www.suse.com/security/cve/CVE-2025-39800"
},
{
"category": "external",
"summary": "SUSE Bug 1250177 for CVE-2025-39800",
"url": "https://bugzilla.suse.com/1250177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39800"
},
{
"cve": "CVE-2025-39801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39801"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: Remove WARN_ON for device endpoint command timeouts\n\nThis commit addresses a rarely observed endpoint command timeout\nwhich causes kernel panic due to warn when \u0027panic_on_warn\u0027 is enabled\nand unnecessary call trace prints when \u0027panic_on_warn\u0027 is disabled.\nIt is seen during fast software-controlled connect/disconnect testcases.\nThe following is one such endpoint command timeout that we observed:\n\n1. Connect\n =======\n-\u003edwc3_thread_interrupt\n -\u003edwc3_ep0_interrupt\n -\u003econfigfs_composite_setup\n -\u003ecomposite_setup\n -\u003eusb_ep_queue\n -\u003edwc3_gadget_ep0_queue\n -\u003e__dwc3_gadget_ep0_queue\n -\u003e__dwc3_ep0_do_control_data\n -\u003edwc3_send_gadget_ep_cmd\n\n2. Disconnect\n ==========\n-\u003edwc3_thread_interrupt\n -\u003edwc3_gadget_disconnect_interrupt\n -\u003edwc3_ep0_reset_state\n -\u003edwc3_ep0_end_control_data\n -\u003edwc3_send_gadget_ep_cmd\n\nIn the issue scenario, in Exynos platforms, we observed that control\ntransfers for the previous connect have not yet been completed and end\ntransfer command sent as a part of the disconnect sequence and\nprocessing of USB_ENDPOINT_HALT feature request from the host timeout.\nThis maybe an expected scenario since the controller is processing EP\ncommands sent as a part of the previous connect. It maybe better to\nremove WARN_ON in all places where device endpoint commands are sent to\navoid unnecessary kernel panic due to warn.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39801",
"url": "https://www.suse.com/security/cve/CVE-2025-39801"
},
{
"category": "external",
"summary": "SUSE Bug 1250450 for CVE-2025-39801",
"url": "https://bugzilla.suse.com/1250450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39801"
},
{
"cve": "CVE-2025-39806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\n\nA malicious HID device can trigger a slab out-of-bounds during\nmt_report_fixup() by passing in report descriptor smaller than\n607 bytes. mt_report_fixup() attempts to patch byte offset 607\nof the descriptor with 0x25 by first checking if byte offset\n607 is 0x15 however it lacks bounds checks to verify if the\ndescriptor is big enough before conducting this check. Fix\nthis bug by ensuring the descriptor size is at least 608\nbytes before accessing it.\n\nBelow is the KASAN splat after the out of bounds access happens:\n\n[ 13.671954] ==================================================================\n[ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110\n[ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10\n[ 13.673297]\n[ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3\n[ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04\n[ 13.673297] Call Trace:\n[ 13.673297] \u003cTASK\u003e\n[ 13.673297] dump_stack_lvl+0x5f/0x80\n[ 13.673297] print_report+0xd1/0x660\n[ 13.673297] kasan_report+0xe5/0x120\n[ 13.673297] __asan_report_load1_noabort+0x18/0x20\n[ 13.673297] mt_report_fixup+0x103/0x110\n[ 13.673297] hid_open_report+0x1ef/0x810\n[ 13.673297] mt_probe+0x422/0x960\n[ 13.673297] hid_device_probe+0x2e2/0x6f0\n[ 13.673297] really_probe+0x1c6/0x6b0\n[ 13.673297] __driver_probe_device+0x24f/0x310\n[ 13.673297] driver_probe_device+0x4e/0x220\n[ 13.673297] __device_attach_driver+0x169/0x320\n[ 13.673297] bus_for_each_drv+0x11d/0x1b0\n[ 13.673297] __device_attach+0x1b8/0x3e0\n[ 13.673297] device_initial_probe+0x12/0x20\n[ 13.673297] bus_probe_device+0x13d/0x180\n[ 13.673297] device_add+0xe3a/0x1670\n[ 13.673297] hid_add_device+0x31d/0xa40\n[...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39806",
"url": "https://www.suse.com/security/cve/CVE-2025-39806"
},
{
"category": "external",
"summary": "SUSE Bug 1249888 for CVE-2025-39806",
"url": "https://bugzilla.suse.com/1249888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39806"
},
{
"cve": "CVE-2025-39807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Add error handling for old state CRTC in atomic_disable\n\nIntroduce error handling to address an issue where, after a hotplug\nevent, the cursor continues to update. This situation can lead to a\nkernel panic due to accessing the NULL `old_state-\u003ecrtc`.\n\nE,g.\nUnable to handle kernel NULL pointer dereference at virtual address\nCall trace:\n mtk_crtc_plane_disable+0x24/0x140\n mtk_plane_atomic_update+0x8c/0xa8\n drm_atomic_helper_commit_planes+0x114/0x2c8\n drm_atomic_helper_commit_tail_rpm+0x4c/0x158\n commit_tail+0xa0/0x168\n drm_atomic_helper_commit+0x110/0x120\n drm_atomic_commit+0x8c/0xe0\n drm_atomic_helper_update_plane+0xd4/0x128\n __setplane_atomic+0xcc/0x110\n drm_mode_cursor_common+0x250/0x440\n drm_mode_cursor_ioctl+0x44/0x70\n drm_ioctl+0x264/0x5d8\n __arm64_sys_ioctl+0xd8/0x510\n invoke_syscall+0x6c/0xe0\n do_el0_svc+0x68/0xe8\n el0_svc+0x34/0x60\n el0t_64_sync_handler+0x1c/0xf8\n el0t_64_sync+0x180/0x188\n\nAdding NULL pointer checks to ensure stability by preventing operations\non an invalid CRTC state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39807",
"url": "https://www.suse.com/security/cve/CVE-2025-39807"
},
{
"category": "external",
"summary": "SUSE Bug 1249887 for CVE-2025-39807",
"url": "https://bugzilla.suse.com/1249887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39807"
},
{
"cve": "CVE-2025-39808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()\n\nin ntrig_report_version(), hdev parameter passed from hid_probe().\nsending descriptor to /dev/uhid can make hdev-\u003edev.parent-\u003eparent to null\nif hdev-\u003edev.parent-\u003eparent is null, usb_dev has\ninvalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned\nwhen usb_rcvctrlpipe() use usb_dev,it trigger\npage fault error for address(0xffffffffffffff58)\n\nadd null check logic to ntrig_report_version()\nbefore calling hid_to_usb_dev()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39808",
"url": "https://www.suse.com/security/cve/CVE-2025-39808"
},
{
"category": "external",
"summary": "SUSE Bug 1250088 for CVE-2025-39808",
"url": "https://bugzilla.suse.com/1250088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39808"
},
{
"cve": "CVE-2025-39810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix memory corruption when FW resources change during ifdown\n\nbnxt_set_dflt_rings() assumes that it is always called before any TC has\nbeen created. So it doesn\u0027t take bp-\u003enum_tc into account and assumes\nthat it is always 0 or 1.\n\nIn the FW resource or capability change scenario, the FW will return\nflags in bnxt_hwrm_if_change() that will cause the driver to\nreinitialize and call bnxt_cancel_reservations(). This will lead to\nbnxt_init_dflt_ring_mode() calling bnxt_set_dflt_rings() and bp-\u003enum_tc\nmay be greater than 1. This will cause bp-\u003etx_ring[] to be sized too\nsmall and cause memory corruption in bnxt_alloc_cp_rings().\n\nFix it by properly scaling the TX rings by bp-\u003enum_tc in the code\npaths mentioned above. Add 2 helper functions to determine\nbp-\u003etx_nr_rings and bp-\u003etx_nr_rings_per_tc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39810",
"url": "https://www.suse.com/security/cve/CVE-2025-39810"
},
{
"category": "external",
"summary": "SUSE Bug 1249975 for CVE-2025-39810",
"url": "https://bugzilla.suse.com/1249975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39810"
},
{
"cve": "CVE-2025-39811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39811"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vm: Clear the scratch_pt pointer on error\n\nAvoid triggering a dereference of an error pointer on cleanup in\nxe_vm_free_scratch() by clearing any scratch_pt error pointer.\n\n(cherry picked from commit 358ee50ab565f3c8ea32480e9d03127a81ba32f8)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39811",
"url": "https://www.suse.com/security/cve/CVE-2025-39811"
},
{
"category": "external",
"summary": "SUSE Bug 1249915 for CVE-2025-39811",
"url": "https://bugzilla.suse.com/1249915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39811"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths\n\nSince the buffers are mapped from userspace, it is prudent to use\nREAD_ONCE() to read the value into a local variable, and use that for\nany other actions taken. Having a stable read of the buffer length\navoids worrying about it changing after checking, or being read multiple\ntimes.\n\nSimilarly, the buffer may well change in between it being picked and\nbeing committed. Ensure the looping for incremental ring buffer commit\nstops if it hits a zero sized buffer, as no further progress can be made\nat that point.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39816",
"url": "https://www.suse.com/security/cve/CVE-2025-39816"
},
{
"category": "external",
"summary": "SUSE Bug 1249906 for CVE-2025-39816",
"url": "https://bugzilla.suse.com/1249906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39816"
},
{
"cve": "CVE-2025-39823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: use array_index_nospec with indices that come from guest\n\nmin and dest_id are guest-controlled indices. Using array_index_nospec()\nafter the bounds checks clamps these values to mitigate speculative execution\nside-channels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39823",
"url": "https://www.suse.com/security/cve/CVE-2025-39823"
},
{
"category": "external",
"summary": "SUSE Bug 1250002 for CVE-2025-39823",
"url": "https://bugzilla.suse.com/1250002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39823"
},
{
"cve": "CVE-2025-39824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: asus: fix UAF via HID_CLAIMED_INPUT validation\n\nAfter hid_hw_start() is called hidinput_connect() will eventually be\ncalled to set up the device with the input layer since the\nHID_CONNECT_DEFAULT connect mask is used. During hidinput_connect()\nall input and output reports are processed and corresponding hid_inputs\nare allocated and configured via hidinput_configure_usages(). This\nprocess involves slot tagging report fields and configuring usages\nby setting relevant bits in the capability bitmaps. However it is possible\nthat the capability bitmaps are not set at all leading to the subsequent\nhidinput_has_been_populated() check to fail leading to the freeing of the\nhid_input and the underlying input device.\n\nThis becomes problematic because a malicious HID device like a\nASUS ROG N-Key keyboard can trigger the above scenario via a\nspecially crafted descriptor which then leads to a user-after-free\nwhen the name of the freed input device is written to later on after\nhid_hw_start(). Below, report 93 intentionally utilises the\nHID_UP_UNDEFINED Usage Page which is skipped during usage\nconfiguration, leading to the frees.\n\n0x05, 0x0D, // Usage Page (Digitizer)\n0x09, 0x05, // Usage (Touch Pad)\n0xA1, 0x01, // Collection (Application)\n0x85, 0x0D, // Report ID (13)\n0x06, 0x00, 0xFF, // Usage Page (Vendor Defined 0xFF00)\n0x09, 0xC5, // Usage (0xC5)\n0x15, 0x00, // Logical Minimum (0)\n0x26, 0xFF, 0x00, // Logical Maximum (255)\n0x75, 0x08, // Report Size (8)\n0x95, 0x04, // Report Count (4)\n0xB1, 0x02, // Feature (Data,Var,Abs)\n0x85, 0x5D, // Report ID (93)\n0x06, 0x00, 0x00, // Usage Page (Undefined)\n0x09, 0x01, // Usage (0x01)\n0x15, 0x00, // Logical Minimum (0)\n0x26, 0xFF, 0x00, // Logical Maximum (255)\n0x75, 0x08, // Report Size (8)\n0x95, 0x1B, // Report Count (27)\n0x81, 0x02, // Input (Data,Var,Abs)\n0xC0, // End Collection\n\nBelow is the KASAN splat after triggering the UAF:\n\n[ 21.672709] ==================================================================\n[ 21.673700] BUG: KASAN: slab-use-after-free in asus_probe+0xeeb/0xf80\n[ 21.673700] Write of size 8 at addr ffff88810a0ac000 by task kworker/1:2/54\n[ 21.673700]\n[ 21.673700] CPU: 1 UID: 0 PID: 54 Comm: kworker/1:2 Not tainted 6.16.0-rc4-g9773391cf4dd-dirty #36 PREEMPT(voluntary)\n[ 21.673700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n[ 21.673700] Call Trace:\n[ 21.673700] \u003cTASK\u003e\n[ 21.673700] dump_stack_lvl+0x5f/0x80\n[ 21.673700] print_report+0xd1/0x660\n[ 21.673700] kasan_report+0xe5/0x120\n[ 21.673700] __asan_report_store8_noabort+0x1b/0x30\n[ 21.673700] asus_probe+0xeeb/0xf80\n[ 21.673700] hid_device_probe+0x2ee/0x700\n[ 21.673700] really_probe+0x1c6/0x6b0\n[ 21.673700] __driver_probe_device+0x24f/0x310\n[ 21.673700] driver_probe_device+0x4e/0x220\n[...]\n[ 21.673700]\n[ 21.673700] Allocated by task 54:\n[ 21.673700] kasan_save_stack+0x3d/0x60\n[ 21.673700] kasan_save_track+0x18/0x40\n[ 21.673700] kasan_save_alloc_info+0x3b/0x50\n[ 21.673700] __kasan_kmalloc+0x9c/0xa0\n[ 21.673700] __kmalloc_cache_noprof+0x139/0x340\n[ 21.673700] input_allocate_device+0x44/0x370\n[ 21.673700] hidinput_connect+0xcb6/0x2630\n[ 21.673700] hid_connect+0xf74/0x1d60\n[ 21.673700] hid_hw_start+0x8c/0x110\n[ 21.673700] asus_probe+0x5a3/0xf80\n[ 21.673700] hid_device_probe+0x2ee/0x700\n[ 21.673700] really_probe+0x1c6/0x6b0\n[ 21.673700] __driver_probe_device+0x24f/0x310\n[ 21.673700] driver_probe_device+0x4e/0x220\n[...]\n[ 21.673700]\n[ 21.673700] Freed by task 54:\n[ 21.673700] kasan_save_stack+0x3d/0x60\n[ 21.673700] kasan_save_track+0x18/0x40\n[ 21.673700] kasan_save_free_info+0x3f/0x60\n[ 21.673700] __kasan_slab_free+0x3c/0x50\n[ 21.673700] kfre\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39824",
"url": "https://www.suse.com/security/cve/CVE-2025-39824"
},
{
"category": "external",
"summary": "SUSE Bug 1250007 for CVE-2025-39824",
"url": "https://bugzilla.suse.com/1250007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39824"
},
{
"cve": "CVE-2025-39825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix race with concurrent opens in rename(2)\n\nBesides sending the rename request to the server, the rename process\nalso involves closing any deferred close, waiting for outstanding I/O\nto complete as well as marking all existing open handles as deleted to\nprevent them from deferring closes, which increases the race window\nfor potential concurrent opens on the target file.\n\nFix this by unhashing the dentry in advance to prevent any concurrent\nopens on the target.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39825",
"url": "https://www.suse.com/security/cve/CVE-2025-39825"
},
{
"category": "external",
"summary": "SUSE Bug 1250179 for CVE-2025-39825",
"url": "https://bugzilla.suse.com/1250179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39825"
},
{
"cve": "CVE-2025-39826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: convert \u0027use\u0027 field to refcount_t\n\nThe \u0027use\u0027 field in struct rose_neigh is used as a reference counter but\nlacks atomicity. This can lead to race conditions where a rose_neigh\nstructure is freed while still being referenced by other code paths.\n\nFor example, when rose_neigh-\u003euse becomes zero during an ioctl operation\nvia rose_rt_ioctl(), the structure may be removed while its timer is\nstill active, potentially causing use-after-free issues.\n\nThis patch changes the type of \u0027use\u0027 from unsigned short to refcount_t and\nupdates all code paths to use rose_neigh_hold() and rose_neigh_put() which\noperate reference counts atomically.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39826",
"url": "https://www.suse.com/security/cve/CVE-2025-39826"
},
{
"category": "external",
"summary": "SUSE Bug 1250203 for CVE-2025-39826",
"url": "https://bugzilla.suse.com/1250203"
},
{
"category": "external",
"summary": "SUSE Bug 1252713 for CVE-2025-39826",
"url": "https://bugzilla.suse.com/1252713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39826"
},
{
"cve": "CVE-2025-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: include node references in rose_neigh refcount\n\nCurrent implementation maintains two separate reference counting\nmechanisms: the \u0027count\u0027 field in struct rose_neigh tracks references from\nrose_node structures, while the \u0027use\u0027 field (now refcount_t) tracks\nreferences from rose_sock.\n\nThis patch merges these two reference counting systems using \u0027use\u0027 field\nfor proper reference management. Specifically, this patch adds incrementing\nand decrementing of rose_neigh-\u003euse when rose_neigh-\u003ecount is incremented\nor decremented.\n\nThis patch also modifies rose_rt_free(), rose_rt_device_down() and\nrose_clear_route() to properly release references to rose_neigh objects\nbefore freeing a rose_node through rose_remove_node().\n\nThese changes ensure rose_neigh structures are properly freed only when\nall references, including those from rose_node structures, are released.\nAs a result, this resolves a slab-use-after-free issue reported by Syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39827",
"url": "https://www.suse.com/security/cve/CVE-2025-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1250204 for CVE-2025-39827",
"url": "https://bugzilla.suse.com/1250204"
},
{
"category": "external",
"summary": "SUSE Bug 1252714 for CVE-2025-39827",
"url": "https://bugzilla.suse.com/1252714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39827"
},
{
"cve": "CVE-2025-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n\nsyzbot reported the splat below. [0]\n\nWhen atmtcp_v_open() or atmtcp_v_close() is called via connect()\nor close(), atmtcp_send_control() is called to send an in-kernel\nspecial message.\n\nThe message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length.\nAlso, a pointer of struct atm_vcc is set to atmtcp_control.vcc.\n\nThe notable thing is struct atmtcp_control is uAPI but has a\nspace for an in-kernel pointer.\n\n struct atmtcp_control {\n \tstruct atmtcp_hdr hdr;\t/* must be first */\n ...\n \tatm_kptr_t vcc;\t\t/* both directions */\n ...\n } __ATM_API_ALIGN;\n\n typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;\n\nThe special message is processed in atmtcp_recv_control() called\nfrom atmtcp_c_send().\n\natmtcp_c_send() is vcc-\u003edev-\u003eops-\u003esend() and called from 2 paths:\n\n 1. .ndo_start_xmit() (vcc-\u003esend() == atm_send_aal0())\n 2. vcc_sendmsg()\n\nThe problem is sendmsg() does not validate the message length and\nuserspace can abuse atmtcp_recv_control() to overwrite any kptr\nby atmtcp_control.\n\nLet\u0027s add a new -\u003epre_send() hook to validate messages from sendmsg().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc00200000ab: 0000 [#1] SMP KASAN PTI\nKASAN: probably user-memory-access in range [0x0000000100000558-0x000000010000055f]\nCPU: 0 UID: 0 PID: 5865 Comm: syz-executor331 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:atmtcp_recv_control drivers/atm/atmtcp.c:93 [inline]\nRIP: 0010:atmtcp_c_send+0x1da/0x950 drivers/atm/atmtcp.c:297\nCode: 4d 8d 75 1a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 15 06 00 00 41 0f b7 1e 4d 8d b7 60 05 00 00 4c 89 f0 48 c1 e8 03 \u003c42\u003e 0f b6 04 20 84 c0 0f 85 13 06 00 00 66 41 89 1e 4d 8d 75 1c 4c\nRSP: 0018:ffffc90003f5f810 EFLAGS: 00010203\nRAX: 00000000200000ab RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802a510000 RSI: 00000000ffffffff RDI: ffff888030a6068c\nRBP: ffff88802699fb40 R08: ffff888030a606eb R09: 1ffff1100614c0dd\nR10: dffffc0000000000 R11: ffffffff8718fc40 R12: dffffc0000000000\nR13: ffff888030a60680 R14: 000000010000055f R15: 00000000ffffffff\nFS: 00007f8d7e9236c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000045ad50 CR3: 0000000075bde000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc60 net/atm/common.c:645\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n ____sys_sendmsg+0x505/0x830 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f8d7e96a4a9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f8d7e923198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f8d7e9f4308 RCX: 00007f8d7e96a4a9\nRDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005\nRBP: 00007f8d7e9f4300 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f8d7e9c10ac\nR13: 00007f8d7e9231a0 R14: 0000200000000200 R15: 0000200000000250\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39828",
"url": "https://www.suse.com/security/cve/CVE-2025-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1250205 for CVE-2025-39828",
"url": "https://bugzilla.suse.com/1250205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39828"
},
{
"cve": "CVE-2025-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path\n\nIn the error path of hws_pool_buddy_init(), the buddy allocator cleanup\ndoesn\u0027t free the allocator structure itself, causing a memory leak.\n\nAdd the missing kfree() to properly release all allocated memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39830",
"url": "https://www.suse.com/security/cve/CVE-2025-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1249974 for CVE-2025-39830",
"url": "https://bugzilla.suse.com/1249974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39830"
},
{
"cve": "CVE-2025-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix lockdep assertion on sync reset unload event\n\nFix lockdep assertion triggered during sync reset unload event. When the\nsync reset flow is initiated using the devlink reload fw_activate\noption, the PF already holds the devlink lock while handling unload\nevent. In this case, delegate sync reset unload event handling back to\nthe devlink callback process to avoid double-locking and resolve the\nlockdep warning.\n\nKernel log:\nWARNING: CPU: 9 PID: 1578 at devl_assert_locked+0x31/0x40\n[...]\nCall Trace:\n\u003cTASK\u003e\n mlx5_unload_one_devl_locked+0x2c/0xc0 [mlx5_core]\n mlx5_sync_reset_unload_event+0xaf/0x2f0 [mlx5_core]\n process_one_work+0x222/0x640\n worker_thread+0x199/0x350\n kthread+0x10b/0x230\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x8e/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39832",
"url": "https://www.suse.com/security/cve/CVE-2025-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1249901 for CVE-2025-39832",
"url": "https://bugzilla.suse.com/1249901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39832"
},
{
"cve": "CVE-2025-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39833"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: hfcpci: Fix warning when deleting uninitialized timer\n\nWith CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads\nto the following splat:\n\n[ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0\n[ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0\n[ 250.218775] Modules linked in: hfcpci(-) mISDN_core\n[ 250.219537] CPU: 0 UID: 0 PID: 233 Comm: rmmod Not tainted 6.17.0-rc2-g6f713187ac98 #2 PREEMPT(voluntary)\n[ 250.220940] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 250.222377] RIP: 0010:debug_print_object+0x1b6/0x2c0\n[ 250.223131] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 41 56 48 8b 14 dd a0 4e 01 9f 48 89 ee 48 c7 c7 20 46 01 9f e8 cb 84d\n[ 250.225805] RSP: 0018:ffff888015ea7c08 EFLAGS: 00010286\n[ 250.226608] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff9be93a95\n[ 250.227708] RDX: 1ffff1100d945138 RSI: 0000000000000008 RDI: ffff88806ca289c0\n[ 250.228993] RBP: ffffffff9f014a00 R08: 0000000000000001 R09: ffffed1002bd4f39\n[ 250.230043] R10: ffff888015ea79cf R11: 0000000000000001 R12: 0000000000000001\n[ 250.231185] R13: ffffffff9eea0520 R14: 0000000000000000 R15: ffff888015ea7cc8\n[ 250.232454] FS: 00007f3208f01540(0000) GS:ffff8880caf5a000(0000) knlGS:0000000000000000\n[ 250.233851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 250.234856] CR2: 00007f32090a7421 CR3: 0000000004d63000 CR4: 00000000000006f0\n[ 250.236117] Call Trace:\n[ 250.236599] \u003cTASK\u003e\n[ 250.236967] ? trace_irq_enable.constprop.0+0xd4/0x130\n[ 250.237920] debug_object_assert_init+0x1f6/0x310\n[ 250.238762] ? __pfx_debug_object_assert_init+0x10/0x10\n[ 250.239658] ? __lock_acquire+0xdea/0x1c70\n[ 250.240369] __try_to_del_timer_sync+0x69/0x140\n[ 250.241172] ? __pfx___try_to_del_timer_sync+0x10/0x10\n[ 250.242058] ? __timer_delete_sync+0xc6/0x120\n[ 250.242842] ? lock_acquire+0x30/0x80\n[ 250.243474] ? __timer_delete_sync+0xc6/0x120\n[ 250.244262] __timer_delete_sync+0x98/0x120\n[ 250.245015] HFC_cleanup+0x10/0x20 [hfcpci]\n[ 250.245704] __do_sys_delete_module+0x348/0x510\n[ 250.246461] ? __pfx___do_sys_delete_module+0x10/0x10\n[ 250.247338] do_syscall_64+0xc1/0x360\n[ 250.247924] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFix this by initializing hfc_tl timer with DEFINE_TIMER macro.\nAlso, use mod_timer instead of manual timeout update.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39833",
"url": "https://www.suse.com/security/cve/CVE-2025-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1250028 for CVE-2025-39833",
"url": "https://bugzilla.suse.com/1250028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39833"
},
{
"cve": "CVE-2025-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow\n\nWhen an invalid stc_type is provided, the function allocates memory for\nshared_stc but jumps to unlock_and_out without freeing it, causing a\nmemory leak.\n\nFix by jumping to free_shared_stc label instead to ensure proper cleanup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39834",
"url": "https://www.suse.com/security/cve/CVE-2025-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1250021 for CVE-2025-39834",
"url": "https://bugzilla.suse.com/1250021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39834"
},
{
"cve": "CVE-2025-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: do not propagate ENODATA disk errors into xattr code\n\nENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code;\nnamely, that the requested attribute name could not be found.\n\nHowever, a medium error from disk may also return ENODATA. At best,\nthis medium error may escape to userspace as \"attribute not found\"\nwhen in fact it\u0027s an IO (disk) error.\n\nAt worst, we may oops in xfs_attr_leaf_get() when we do:\n\n\terror = xfs_attr_leaf_hasname(args, \u0026bp);\n\tif (error == -ENOATTR) {\n\t\txfs_trans_brelse(args-\u003etrans, bp);\n\t\treturn error;\n\t}\n\nbecause an ENODATA/ENOATTR error from disk leaves us with a null bp,\nand the xfs_trans_brelse will then null-deref it.\n\nAs discussed on the list, we really need to modify the lower level\nIO functions to trap all disk errors and ensure that we don\u0027t let\nunique errors like this leak up into higher xfs functions - many\nlike this should be remapped to EIO.\n\nHowever, this patch directly addresses a reported bug in the xattr\ncode, and should be safe to backport to stable kernels. A larger-scope\npatch to handle more unique errors at lower levels can follow later.\n\n(Note, prior to 07120f1abdff we did not oops, but we did return the\nwrong error code to userspace.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39835",
"url": "https://www.suse.com/security/cve/CVE-2025-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1250025 for CVE-2025-39835",
"url": "https://bugzilla.suse.com/1250025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39835"
},
{
"cve": "CVE-2025-39836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: stmm: Fix incorrect buffer allocation method\n\nThe communication buffer allocated by setup_mm_hdr() is later on passed\nto tee_shm_register_kernel_buf(). The latter expects those buffers to be\ncontiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause\nvarious corruptions or BUGs, specifically since commit 9aec2fb0fd5e\n(\"slab: allocate frozen pages\"), though it was broken before as well.\n\nFix this by using alloc_pages_exact() instead of kmalloc().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39836",
"url": "https://www.suse.com/security/cve/CVE-2025-39836"
},
{
"category": "external",
"summary": "SUSE Bug 1249904 for CVE-2025-39836",
"url": "https://bugzilla.suse.com/1249904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39836"
},
{
"cve": "CVE-2025-39838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent NULL pointer dereference in UTF16 conversion\n\nThere can be a NULL pointer dereference bug here. NULL is passed to\n__cifs_sfu_make_node without checks, which passes it unchecked to\ncifs_strndup_to_utf16, which in turn passes it to\ncifs_local_to_utf16_bytes where \u0027*from\u0027 is dereferenced, causing a crash.\n\nThis patch adds a check for NULL \u0027src\u0027 in cifs_strndup_to_utf16 and\nreturns NULL early to prevent dereferencing NULL pointer.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39838",
"url": "https://www.suse.com/security/cve/CVE-2025-39838"
},
{
"category": "external",
"summary": "SUSE Bug 1250365 for CVE-2025-39838",
"url": "https://bugzilla.suse.com/1250365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39838"
},
{
"cve": "CVE-2025-39839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix OOB read/write in network-coding decode\n\nbatadv_nc_skb_decode_packet() trusts coded_len and checks only against\nskb-\u003elen. XOR starts at sizeof(struct batadv_unicast_packet), reducing\npayload headroom, and the source skb length is not verified, allowing an\nout-of-bounds read and a small out-of-bounds write.\n\nValidate that coded_len fits within the payload area of both destination\nand source sk_buffs before XORing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39839",
"url": "https://www.suse.com/security/cve/CVE-2025-39839"
},
{
"category": "external",
"summary": "SUSE Bug 1250291 for CVE-2025-39839",
"url": "https://bugzilla.suse.com/1250291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39839"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: prevent release journal inode after journal shutdown\n\nBefore calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already\nbeen executed in ocfs2_dismount_volume(), so osb-\u003ejournal must be NULL. \nTherefore, the following calltrace will inevitably fail when it reaches\njbd2_journal_release_jbd_inode().\n\nocfs2_dismount_volume()-\u003e\n ocfs2_delete_osb()-\u003e\n ocfs2_free_slot_info()-\u003e\n __ocfs2_free_slot_info()-\u003e\n evict()-\u003e\n ocfs2_evict_inode()-\u003e\n ocfs2_clear_inode()-\u003e\n\t jbd2_journal_release_jbd_inode(osb-\u003ejournal-\u003ej_journal,\n\nAdding osb-\u003ejournal checks will prevent null-ptr-deref during the above\nexecution path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39842",
"url": "https://www.suse.com/security/cve/CVE-2025-39842"
},
{
"category": "external",
"summary": "SUSE Bug 1250267 for CVE-2025-39842",
"url": "https://bugzilla.suse.com/1250267"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39842"
},
{
"cve": "CVE-2025-39844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: move page table sync declarations to linux/pgtable.h\n\nDuring our internal testing, we started observing intermittent boot\nfailures when the machine uses 4-level paging and has a large amount of\npersistent memory:\n\n BUG: unable to handle page fault for address: ffffe70000000034\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0 \n Oops: 0002 [#1] SMP NOPTI\n RIP: 0010:__init_single_page+0x9/0x6d\n Call Trace:\n \u003cTASK\u003e\n __init_zone_device_page+0x17/0x5d\n memmap_init_zone_device+0x154/0x1bb\n pagemap_range+0x2e0/0x40f\n memremap_pages+0x10b/0x2f0\n devm_memremap_pages+0x1e/0x60\n dev_dax_probe+0xce/0x2ec [device_dax]\n dax_bus_probe+0x6d/0xc9\n [... snip ...]\n \u003c/TASK\u003e\n\nIt turns out that the kernel panics while initializing vmemmap (struct\npage array) when the vmemmap region spans two PGD entries, because the new\nPGD entry is only installed in init_mm.pgd, but not in the page tables of\nother tasks.\n\nAnd looking at __populate_section_memmap():\n if (vmemmap_can_optimize(altmap, pgmap)) \n // does not sync top level page tables\n r = vmemmap_populate_compound_pages(pfn, start, end, nid, pgmap);\n else \n // sync top level page tables in x86\n r = vmemmap_populate(start, end, nid, altmap);\n\nIn the normal path, vmemmap_populate() in arch/x86/mm/init_64.c\nsynchronizes the top level page table (See commit 9b861528a801 (\"x86-64,\nmem: Update all PGDs for direct mapping and vmemmap mapping changes\")) so\nthat all tasks in the system can see the new vmemmap area.\n\nHowever, when vmemmap_can_optimize() returns true, the optimized path\nskips synchronization of top-level page tables. This is because\nvmemmap_populate_compound_pages() is implemented in core MM code, which\ndoes not handle synchronization of the top-level page tables. Instead,\nthe core MM has historically relied on each architecture to perform this\nsynchronization manually.\n\nWe\u0027re not the first party to encounter a crash caused by not-sync\u0027d top\nlevel page tables: earlier this year, Gwan-gyeong Mun attempted to address\nthe issue [1] [2] after hitting a kernel panic when x86 code accessed the\nvmemmap area before the corresponding top-level entries were synced. At\nthat time, the issue was believed to be triggered only when struct page\nwas enlarged for debugging purposes, and the patch did not get further\nupdates.\n\nIt turns out that current approach of relying on each arch to handle the\npage table sync manually is fragile because 1) it\u0027s easy to forget to sync\nthe top level page table, and 2) it\u0027s also easy to overlook that the\nkernel should not access the vmemmap and direct mapping areas before the\nsync.\n\n# The solution: Make page table sync more code robust and harder to miss\n\nTo address this, Dave Hansen suggested [3] [4] introducing\n{pgd,p4d}_populate_kernel() for updating kernel portion of the page tables\nand allow each architecture to explicitly perform synchronization when\ninstalling top-level entries. With this approach, we no longer need to\nworry about missing the sync step, reducing the risk of future\nregressions.\n\nThe new interface reuses existing ARCH_PAGE_TABLE_SYNC_MASK,\nPGTBL_P*D_MODIFIED and arch_sync_kernel_mappings() facility used by\nvmalloc and ioremap to synchronize page tables.\n\npgd_populate_kernel() looks like this:\nstatic inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd,\n p4d_t *p4d)\n{\n pgd_populate(\u0026init_mm, pgd, p4d);\n if (ARCH_PAGE_TABLE_SYNC_MASK \u0026 PGTBL_PGD_MODIFIED)\n arch_sync_kernel_mappings(addr, addr);\n}\n\nIt is worth noting that vmalloc() and apply_to_range() carefully\nsynchronizes page tables by calling p*d_alloc_track() and\narch_sync_kernel_mappings(), and thus they are not affected by\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39844",
"url": "https://www.suse.com/security/cve/CVE-2025-39844"
},
{
"category": "external",
"summary": "SUSE Bug 1250268 for CVE-2025-39844",
"url": "https://bugzilla.suse.com/1250268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39844"
},
{
"cve": "CVE-2025-39845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39845"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()\n\nDefine ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure\npage tables are properly synchronized when calling p*d_populate_kernel().\n\nFor 5-level paging, synchronization is performed via\npgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so\nsynchronization is instead performed at the P4D level via\np4d_populate_kernel().\n\nThis fixes intermittent boot failures on systems using 4-level paging and\na large amount of persistent memory:\n\n BUG: unable to handle page fault for address: ffffe70000000034\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP NOPTI\n RIP: 0010:__init_single_page+0x9/0x6d\n Call Trace:\n \u003cTASK\u003e\n __init_zone_device_page+0x17/0x5d\n memmap_init_zone_device+0x154/0x1bb\n pagemap_range+0x2e0/0x40f\n memremap_pages+0x10b/0x2f0\n devm_memremap_pages+0x1e/0x60\n dev_dax_probe+0xce/0x2ec [device_dax]\n dax_bus_probe+0x6d/0xc9\n [... snip ...]\n \u003c/TASK\u003e\n\nIt also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap\nbefore sync_global_pgds() [1]:\n\n BUG: unable to handle page fault for address: ffffeb3ff1200000\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI\n Tainted: [W]=WARN\n RIP: 0010:vmemmap_set_pmd+0xff/0x230\n \u003cTASK\u003e\n vmemmap_populate_hugepages+0x176/0x180\n vmemmap_populate+0x34/0x80\n __populate_section_memmap+0x41/0x90\n sparse_add_section+0x121/0x3e0\n __add_pages+0xba/0x150\n add_pages+0x1d/0x70\n memremap_pages+0x3dc/0x810\n devm_memremap_pages+0x1c/0x60\n xe_devm_add+0x8b/0x100 [xe]\n xe_tile_init_noalloc+0x6a/0x70 [xe]\n xe_device_probe+0x48c/0x740 [xe]\n [... snip ...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39845",
"url": "https://www.suse.com/security/cve/CVE-2025-39845"
},
{
"category": "external",
"summary": "SUSE Bug 1250262 for CVE-2025-39845",
"url": "https://bugzilla.suse.com/1250262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39845"
},
{
"cve": "CVE-2025-39847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix memory leak in pad_compress_skb\n\nIf alloc_skb() fails in pad_compress_skb(), it returns NULL without\nreleasing the old skb. The caller does:\n\n skb = pad_compress_skb(ppp, skb);\n if (!skb)\n goto drop;\n\ndrop:\n kfree_skb(skb);\n\nWhen pad_compress_skb() returns NULL, the reference to the old skb is\nlost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.\n\nAlign pad_compress_skb() semantics with realloc(): only free the old\nskb if allocation and compression succeed. At the call site, use the\nnew_skb variable so the original skb is not lost when pad_compress_skb()\nfails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39847",
"url": "https://www.suse.com/security/cve/CVE-2025-39847"
},
{
"category": "external",
"summary": "SUSE Bug 1250292 for CVE-2025-39847",
"url": "https://bugzilla.suse.com/1250292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39847"
},
{
"cve": "CVE-2025-39848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: properly unshare skbs in ax25_kiss_rcv()\n\nBernard Pidoux reported a regression apparently caused by commit\nc353e8983e0d (\"net: introduce per netns packet chains\").\n\nskb-\u003edev becomes NULL and we crash in __netif_receive_skb_core().\n\nBefore above commit, different kind of bugs or corruptions could happen\nwithout a major crash.\n\nBut the root cause is that ax25_kiss_rcv() can queue/mangle input skb\nwithout checking if this skb is shared or not.\n\nMany thanks to Bernard Pidoux for his help, diagnosis and tests.\n\nWe had a similar issue years ago fixed with commit 7aaed57c5c28\n(\"phonet: properly unshare skbs in phonet_rcv()\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39848",
"url": "https://www.suse.com/security/cve/CVE-2025-39848"
},
{
"category": "external",
"summary": "SUSE Bug 1250298 for CVE-2025-39848",
"url": "https://bugzilla.suse.com/1250298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39848"
},
{
"cve": "CVE-2025-39849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()\n\nIf the ssid-\u003edatalen is more than IEEE80211_MAX_SSID_LEN (32) it would\nlead to memory corruption so add some bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39849",
"url": "https://www.suse.com/security/cve/CVE-2025-39849"
},
{
"category": "external",
"summary": "SUSE Bug 1250266 for CVE-2025-39849",
"url": "https://bugzilla.suse.com/1250266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39849"
},
{
"cve": "CVE-2025-39850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects\n\nWhen the \"proxy\" option is enabled on a VXLAN device, the device will\nsuppress ARP requests and IPv6 Neighbor Solicitation messages if it is\nable to reply on behalf of the remote host. That is, if a matching and\nvalid neighbor entry is configured on the VXLAN device whose MAC address\nis not behind the \"any\" remote (0.0.0.0 / ::).\n\nThe code currently assumes that the FDB entry for the neighbor\u0027s MAC\naddress points to a valid remote destination, but this is incorrect if\nthe entry is associated with an FDB nexthop group. This can result in a\nNPD [1][3] which can be reproduced using [2][4].\n\nFix by checking that the remote destination exists before dereferencing\nit.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 4 UID: 0 PID: 365 Comm: arping Not tainted 6.17.0-rc2-virtme-g2a89cb21162c #2 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_xmit+0xb58/0x15f0\n[...]\nCall Trace:\n \u003cTASK\u003e\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.2 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 4789 proxy\n\n ip neigh add 192.0.2.3 lladdr 00:11:22:33:44:55 nud perm dev vx0\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10\n\n arping -b -c 1 -s 192.0.2.1 -I vx0 192.0.2.3\n\n[3]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 372 Comm: ndisc6 Not tainted 6.17.0-rc2-virtmne-g6ee90cb26014 #3 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1v996), BIOS 1.17.0-4.fc41 04/01/2x014\nRIP: 0010:vxlan_xmit+0x803/0x1600\n[...]\nCall Trace:\n \u003cTASK\u003e\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n ip6_finish_output2+0x210/0x6c0\n ip6_finish_output+0x1af/0x2b0\n ip6_mr_output+0x92/0x3e0\n ip6_send_skb+0x30/0x90\n rawv6_sendmsg+0xe6e/0x12e0\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7f383422ec77\n\n[4]\n #!/bin/bash\n\n ip address add 2001:db8:1::1/128 dev lo\n\n ip nexthop add id 1 via 2001:db8:1::1 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 2001:db8:1::1 dstport 4789 proxy\n\n ip neigh add 2001:db8:1::3 lladdr 00:11:22:33:44:55 nud perm dev vx0\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10\n\n ndisc6 -r 1 -s 2001:db8:1::1 -w 1 2001:db8:1::3 vx0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39850",
"url": "https://www.suse.com/security/cve/CVE-2025-39850"
},
{
"category": "external",
"summary": "SUSE Bug 1250276 for CVE-2025-39850",
"url": "https://bugzilla.suse.com/1250276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39850"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6\n\nWhen tcp_ao_copy_all_matching() fails in tcp_v6_syn_recv_sock() it just\nexits the function. This ends up causing a memory-leak:\n\nunreferenced object 0xffff0000281a8200 (size 2496):\n comm \"softirq\", pid 0, jiffies 4295174684\n hex dump (first 32 bytes):\n 7f 00 00 06 7f 00 00 06 00 00 00 00 cb a8 88 13 ................\n 0a 00 03 61 00 00 00 00 00 00 00 00 00 00 00 00 ...a............\n backtrace (crc 5ebdbe15):\n kmemleak_alloc+0x44/0xe0\n kmem_cache_alloc_noprof+0x248/0x470\n sk_prot_alloc+0x48/0x120\n sk_clone_lock+0x38/0x3b0\n inet_csk_clone_lock+0x34/0x150\n tcp_create_openreq_child+0x3c/0x4a8\n tcp_v6_syn_recv_sock+0x1c0/0x620\n tcp_check_req+0x588/0x790\n tcp_v6_rcv+0x5d0/0xc18\n ip6_protocol_deliver_rcu+0x2d8/0x4c0\n ip6_input_finish+0x74/0x148\n ip6_input+0x50/0x118\n ip6_sublist_rcv+0x2fc/0x3b0\n ipv6_list_rcv+0x114/0x170\n __netif_receive_skb_list_core+0x16c/0x200\n netif_receive_skb_list_internal+0x1f0/0x2d0\n\nThis is because in tcp_v6_syn_recv_sock (and the IPv4 counterpart), when\nexiting upon error, inet_csk_prepare_forced_close() and tcp_done() need\nto be called. They make sure the newsk will end up being correctly\nfree\u0027d.\n\ntcp_v4_syn_recv_sock() makes this very clear by having the put_and_exit\nlabel that takes care of things. So, this patch here makes sure\ntcp_v4_syn_recv_sock and tcp_v6_syn_recv_sock have similar\nerror-handling and thus fixes the leak for TCP-AO.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39852",
"url": "https://www.suse.com/security/cve/CVE-2025-39852"
},
{
"category": "external",
"summary": "SUSE Bug 1250258 for CVE-2025-39852",
"url": "https://bugzilla.suse.com/1250258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39852"
},
{
"cve": "CVE-2025-39853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix potential invalid access when MAC list is empty\n\nlist_first_entry() never returns NULL - if the list is empty, it still\nreturns a pointer to an invalid object, leading to potential invalid\nmemory access when dereferenced.\n\nFix this by using list_first_entry_or_null instead of list_first_entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39853",
"url": "https://www.suse.com/security/cve/CVE-2025-39853"
},
{
"category": "external",
"summary": "SUSE Bug 1250275 for CVE-2025-39853",
"url": "https://bugzilla.suse.com/1250275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39853"
},
{
"cve": "CVE-2025-39854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix NULL access of tx-\u003ein_use in ice_ll_ts_intr\n\nRecent versions of the E810 firmware have support for an extra interrupt to\nhandle report of the \"low latency\" Tx timestamps coming from the\nspecialized low latency firmware interface. Instead of polling the\nregisters, software can wait until the low latency interrupt is fired.\n\nThis logic makes use of the Tx timestamp tracking structure, ice_ptp_tx, as\nit uses the same \"ready\" bitmap to track which Tx timestamps complete.\n\nUnfortunately, the ice_ll_ts_intr() function does not check if the\ntracker is initialized before its first access. This results in NULL\ndereference or use-after-free bugs similar to the issues fixed in the\nice_ptp_ts_irq() function.\n\nFix this by only checking the in_use bitmap (and other fields) if the\ntracker is marked as initialized. The reset flow will clear the init field\nunder lock before it tears the tracker down, thus preventing any\nuse-after-free or NULL access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39854",
"url": "https://www.suse.com/security/cve/CVE-2025-39854"
},
{
"category": "external",
"summary": "SUSE Bug 1250297 for CVE-2025-39854",
"url": "https://bugzilla.suse.com/1250297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39854"
},
{
"cve": "CVE-2025-39857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()\n\nBUG: kernel NULL pointer dereference, address: 00000000000002ec\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP PTI\nCPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainted: G OE 6.17.0-rc2+ #9 NONE\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nWorkqueue: smc_hs_wq smc_listen_work [smc]\nRIP: 0010:smc_ib_is_sg_need_sync+0x9e/0xd0 [smc]\n...\nCall Trace:\n \u003cTASK\u003e\n smcr_buf_map_link+0x211/0x2a0 [smc]\n __smc_buf_create+0x522/0x970 [smc]\n smc_buf_create+0x3a/0x110 [smc]\n smc_find_rdma_v2_device_serv+0x18f/0x240 [smc]\n ? smc_vlan_by_tcpsk+0x7e/0xe0 [smc]\n smc_listen_find_device+0x1dd/0x2b0 [smc]\n smc_listen_work+0x30f/0x580 [smc]\n process_one_work+0x18c/0x340\n worker_thread+0x242/0x360\n kthread+0xe7/0x220\n ret_from_fork+0x13a/0x160\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nIf the software RoCE device is used, ibdev-\u003edma_device is a null pointer.\nAs a result, the problem occurs. Null pointer detection is added to\nprevent problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39857",
"url": "https://www.suse.com/security/cve/CVE-2025-39857"
},
{
"category": "external",
"summary": "SUSE Bug 1250251 for CVE-2025-39857",
"url": "https://bugzilla.suse.com/1250251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39857"
},
{
"cve": "CVE-2025-39860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()\n\nsyzbot reported the splat below without a repro.\n\nIn the splat, a single thread calling bt_accept_dequeue() freed sk\nand touched it after that.\n\nThe root cause would be the racy l2cap_sock_cleanup_listen() call\nadded by the cited commit.\n\nbt_accept_dequeue() is called under lock_sock() except for\nl2cap_sock_release().\n\nTwo threads could see the same socket during the list iteration\nin bt_accept_dequeue():\n\n CPU1 CPU2 (close())\n ---- ----\n sock_hold(sk) sock_hold(sk);\n lock_sock(sk) \u003c-- block close()\n sock_put(sk)\n bt_accept_unlink(sk)\n sock_put(sk) \u003c-- refcnt by bt_accept_enqueue()\n release_sock(sk)\n lock_sock(sk)\n sock_put(sk)\n bt_accept_unlink(sk)\n sock_put(sk) \u003c-- last refcnt\n bt_accept_unlink(sk) \u003c-- UAF\n\nDepending on the timing, the other thread could show up in the\n\"Freed by task\" part.\n\nLet\u0027s call l2cap_sock_cleanup_listen() under lock_sock() in\nl2cap_sock_release().\n\n[0]:\nBUG: KASAN: slab-use-after-free in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]\nBUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115\nRead of size 4 at addr ffff88803b7eb1c4 by task syz.5.3276/16995\nCPU: 3 UID: 0 PID: 16995 Comm: syz.5.3276 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xcd/0x630 mm/kasan/report.c:482\n kasan_report+0xe0/0x110 mm/kasan/report.c:595\n debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]\n do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n release_sock+0x21/0x220 net/core/sock.c:3746\n bt_accept_dequeue+0x505/0x600 net/bluetooth/af_bluetooth.c:312\n l2cap_sock_cleanup_listen+0x5c/0x2a0 net/bluetooth/l2cap_sock.c:1451\n l2cap_sock_release+0x5c/0x210 net/bluetooth/l2cap_sock.c:1425\n __sock_release+0xb3/0x270 net/socket.c:649\n sock_close+0x1c/0x30 net/socket.c:1439\n __fput+0x3ff/0xb70 fs/file_table.c:468\n task_work_run+0x14d/0x240 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43\n exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]\n do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f2accf8ebe9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffdb6cb1378 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 00000000000426fb RCX: 00007f2accf8ebe9\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007f2acd1b7da0 R08: 0000000000000001 R09: 00000012b6cb166f\nR10: 0000001b30e20000 R11: 0000000000000246 R12: 00007f2acd1b609c\nR13: 00007f2acd1b6090 R14: ffffffffffffffff R15: 00007ffdb6cb1490\n \u003c/TASK\u003e\n\nAllocated by task 5326:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4365 [inline]\n __kmalloc_nopro\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39860",
"url": "https://www.suse.com/security/cve/CVE-2025-39860"
},
{
"category": "external",
"summary": "SUSE Bug 1250247 for CVE-2025-39860",
"url": "https://bugzilla.suse.com/1250247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39860"
},
{
"cve": "CVE-2025-39861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: vhci: Prevent use-after-free by removing debugfs files early\n\nMove the creation of debugfs files into a dedicated function, and ensure\nthey are explicitly removed during vhci_release(), before associated\ndata structures are freed.\n\nPreviously, debugfs files such as \"force_suspend\", \"force_wakeup\", and\nothers were created under hdev-\u003edebugfs but not removed in\nvhci_release(). Since vhci_release() frees the backing vhci_data\nstructure, any access to these files after release would result in\nuse-after-free errors.\n\nAlthough hdev-\u003edebugfs is later freed in hci_release_dev(), user can\naccess files after vhci_data is freed but before hdev-\u003edebugfs is\nreleased.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39861",
"url": "https://www.suse.com/security/cve/CVE-2025-39861"
},
{
"category": "external",
"summary": "SUSE Bug 1250249 for CVE-2025-39861",
"url": "https://bugzilla.suse.com/1250249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39861"
},
{
"cve": "CVE-2025-39863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work\n\nThe brcmf_btcoex_detach() only shuts down the btcoex timer, if the\nflag timer_on is false. However, the brcmf_btcoex_timerfunc(), which\nruns as timer handler, sets timer_on to false. This creates critical\nrace conditions:\n\n1.If brcmf_btcoex_detach() is called while brcmf_btcoex_timerfunc()\nis executing, it may observe timer_on as false and skip the call to\ntimer_shutdown_sync().\n\n2.The brcmf_btcoex_timerfunc() may then reschedule the brcmf_btcoex_info\nworker after the cancel_work_sync() has been executed, resulting in\nuse-after-free bugs.\n\nThe use-after-free bugs occur in two distinct scenarios, depending on\nthe timing of when the brcmf_btcoex_info struct is freed relative to\nthe execution of its worker thread.\n\nScenario 1: Freed before the worker is scheduled\n\nThe brcmf_btcoex_info is deallocated before the worker is scheduled.\nA race condition can occur when schedule_work(\u0026bt_local-\u003ework) is\ncalled after the target memory has been freed. The sequence of events\nis detailed below:\n\nCPU0 | CPU1\nbrcmf_btcoex_detach | brcmf_btcoex_timerfunc\n | bt_local-\u003etimer_on = false;\n if (cfg-\u003ebtcoex-\u003etimer_on) |\n ... |\n cancel_work_sync(); |\n ... |\n kfree(cfg-\u003ebtcoex); // FREE |\n | schedule_work(\u0026bt_local-\u003ework); // USE\n\nScenario 2: Freed after the worker is scheduled\n\nThe brcmf_btcoex_info is freed after the worker has been scheduled\nbut before or during its execution. In this case, statements within\nthe brcmf_btcoex_handler() - such as the container_of macro and\nsubsequent dereferences of the brcmf_btcoex_info object will cause\na use-after-free access. The following timeline illustrates this\nscenario:\n\nCPU0 | CPU1\nbrcmf_btcoex_detach | brcmf_btcoex_timerfunc\n | bt_local-\u003etimer_on = false;\n if (cfg-\u003ebtcoex-\u003etimer_on) |\n ... |\n cancel_work_sync(); |\n ... | schedule_work(); // Reschedule\n |\n kfree(cfg-\u003ebtcoex); // FREE | brcmf_btcoex_handler() // Worker\n /* | btci = container_of(....); // USE\n The kfree() above could | ...\n also occur at any point | btci-\u003e // USE\n during the worker\u0027s execution|\n */ |\n\nTo resolve the race conditions, drop the conditional check and call\ntimer_shutdown_sync() directly. It can deactivate the timer reliably,\nregardless of its current state. Once stopped, the timer_on state is\nthen set to false.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39863",
"url": "https://www.suse.com/security/cve/CVE-2025-39863"
},
{
"category": "external",
"summary": "SUSE Bug 1250281 for CVE-2025-39863",
"url": "https://bugzilla.suse.com/1250281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39863"
},
{
"cve": "CVE-2025-39864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix use-after-free in cmp_bss()\n\nFollowing bss_free() quirk introduced in commit 776b3580178f\n(\"cfg80211: track hidden SSID networks properly\"), adjust\ncfg80211_update_known_bss() to free the last beacon frame\nelements only if they\u0027re not shared via the corresponding\n\u0027hidden_beacon_bss\u0027 pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39864",
"url": "https://www.suse.com/security/cve/CVE-2025-39864"
},
{
"category": "external",
"summary": "SUSE Bug 1250242 for CVE-2025-39864",
"url": "https://bugzilla.suse.com/1250242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39864"
},
{
"cve": "CVE-2025-39865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: fix NULL pointer dereference in tee_shm_put\n\ntee_shm_put have NULL pointer dereference:\n\n__optee_disable_shm_cache --\u003e\n\tshm = reg_pair_to_ptr(...);//shm maybe return NULL\n tee_shm_free(shm); --\u003e\n\t\ttee_shm_put(shm);//crash\n\nAdd check in tee_shm_put to fix it.\n\npanic log:\nUnable to handle kernel paging request at virtual address 0000000000100cca\nMem abort info:\nESR = 0x0000000096000004\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x04: level 0 translation fault\nData abort info:\nISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000002049d07000\n[0000000000100cca] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] SMP\nCPU: 2 PID: 14442 Comm: systemd-sleep Tainted: P OE ------- ----\n6.6.0-39-generic #38\nSource Version: 938b255f6cb8817c95b0dd5c8c2944acfce94b07\nHardware name: greatwall GW-001Y1A-FTH, BIOS Great Wall BIOS V3.0\n10/26/2022\npstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : tee_shm_put+0x24/0x188\nlr : tee_shm_free+0x14/0x28\nsp : ffff001f98f9faf0\nx29: ffff001f98f9faf0 x28: ffff0020df543cc0 x27: 0000000000000000\nx26: ffff001f811344a0 x25: ffff8000818dac00 x24: ffff800082d8d048\nx23: ffff001f850fcd18 x22: 0000000000000001 x21: ffff001f98f9fb88\nx20: ffff001f83e76218 x19: ffff001f83e761e0 x18: 000000000000ffff\nx17: 303a30303a303030 x16: 0000000000000000 x15: 0000000000000003\nx14: 0000000000000001 x13: 0000000000000000 x12: 0101010101010101\nx11: 0000000000000001 x10: 0000000000000001 x9 : ffff800080e08d0c\nx8 : ffff001f98f9fb88 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffff001f83e761e0 x1 : 00000000ffff001f x0 : 0000000000100cca\nCall trace:\ntee_shm_put+0x24/0x188\ntee_shm_free+0x14/0x28\n__optee_disable_shm_cache+0xa8/0x108\noptee_shutdown+0x28/0x38\nplatform_shutdown+0x28/0x40\ndevice_shutdown+0x144/0x2b0\nkernel_power_off+0x3c/0x80\nhibernate+0x35c/0x388\nstate_store+0x64/0x80\nkobj_attr_store+0x14/0x28\nsysfs_kf_write+0x48/0x60\nkernfs_fop_write_iter+0x128/0x1c0\nvfs_write+0x270/0x370\nksys_write+0x6c/0x100\n__arm64_sys_write+0x20/0x30\ninvoke_syscall+0x4c/0x120\nel0_svc_common.constprop.0+0x44/0xf0\ndo_el0_svc+0x24/0x38\nel0_svc+0x24/0x88\nel0t_64_sync_handler+0x134/0x150\nel0t_64_sync+0x14c/0x15",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39865",
"url": "https://www.suse.com/security/cve/CVE-2025-39865"
},
{
"category": "external",
"summary": "SUSE Bug 1250294 for CVE-2025-39865",
"url": "https://bugzilla.suse.com/1250294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39865"
},
{
"cve": "CVE-2025-39869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Fix memory allocation size for queue_priority_map\n\nFix a critical memory allocation bug in edma_setup_from_hw() where\nqueue_priority_map was allocated with insufficient memory. The code\ndeclared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8),\nbut allocated memory using sizeof(s8) instead of the correct size.\n\nThis caused out-of-bounds memory writes when accessing:\n queue_priority_map[i][0] = i;\n queue_priority_map[i][1] = i;\n\nThe bug manifested as kernel crashes with \"Oops - undefined instruction\"\non ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the\nmemory corruption triggered kernel hardening features on Clang.\n\nChange the allocation to use sizeof(*queue_priority_map) which\nautomatically gets the correct size for the 2D array structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39869",
"url": "https://www.suse.com/security/cve/CVE-2025-39869"
},
{
"category": "external",
"summary": "SUSE Bug 1250406 for CVE-2025-39869",
"url": "https://bugzilla.suse.com/1250406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39869"
},
{
"cve": "CVE-2025-39870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix double free in idxd_setup_wqs()\n\nThe clean up in idxd_setup_wqs() has had a couple bugs because the error\nhandling is a bit subtle. It\u0027s simpler to just re-write it in a cleaner\nway. The issues here are:\n\n1) If \"idxd-\u003emax_wqs\" is \u003c= 0 then we call put_device(conf_dev) when\n \"conf_dev\" hasn\u0027t been initialized.\n2) If kzalloc_node() fails then again \"conf_dev\" is invalid. It\u0027s\n either uninitialized or it points to the \"conf_dev\" from the\n previous iteration so it leads to a double free.\n\nIt\u0027s better to free partial loop iterations within the loop and then\nthe unwinding at the end can handle whole loop iterations. I also\nrenamed the labels to describe what the goto does and not where the goto\nwas located.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39870",
"url": "https://www.suse.com/security/cve/CVE-2025-39870"
},
{
"category": "external",
"summary": "SUSE Bug 1250402 for CVE-2025-39870",
"url": "https://bugzilla.suse.com/1250402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39870"
},
{
"cve": "CVE-2025-39871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Remove improper idxd_free\n\nThe call to idxd_free() introduces a duplicate put_device() leading to a\nreference count underflow:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 15 PID: 4428 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n idxd_remove+0xe4/0x120 [idxd]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x197/0x200\n driver_detach+0x48/0x90\n bus_remove_driver+0x74/0xf0\n pci_unregister_driver+0x2e/0xb0\n idxd_exit_module+0x34/0x7a0 [idxd]\n __do_sys_delete_module.constprop.0+0x183/0x280\n do_syscall_64+0x54/0xd70\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe idxd_unregister_devices() which is invoked at the very beginning of\nidxd_remove(), already takes care of the necessary put_device() through the\nfollowing call path:\nidxd_unregister_devices() -\u003e device_unregister() -\u003e put_device()\n\nIn addition, when CONFIG_DEBUG_KOBJECT_RELEASE is enabled, put_device() may\ntrigger asynchronous cleanup via schedule_delayed_work(). If idxd_free() is\ncalled immediately after, it can result in a use-after-free.\n\nRemove the improper idxd_free() to avoid both the refcount underflow and\npotential memory corruption during module unload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39871",
"url": "https://www.suse.com/security/cve/CVE-2025-39871"
},
{
"category": "external",
"summary": "SUSE Bug 1250377 for CVE-2025-39871",
"url": "https://bugzilla.suse.com/1250377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39871"
},
{
"cve": "CVE-2025-39873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB\n\ncan_put_echo_skb() takes ownership of the SKB and it may be freed\nduring or after the call.\n\nHowever, xilinx_can xcan_write_frame() keeps using SKB after the call.\n\nFix that by only calling can_put_echo_skb() after the code is done\ntouching the SKB.\n\nThe tx_lock is held for the entire xcan_write_frame() execution and\nalso on the can_get_echo_skb() side so the order of operations does not\nmatter.\n\nAn earlier fix commit 3d3c817c3a40 (\"can: xilinx_can: Fix usage of skb\nmemory\") did not move the can_put_echo_skb() call far enough.\n\n[mkl: add \"commit\" in front of sha1 in patch description]\n[mkl: fix indention]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39873",
"url": "https://www.suse.com/security/cve/CVE-2025-39873"
},
{
"category": "external",
"summary": "SUSE Bug 1250371 for CVE-2025-39873",
"url": "https://bugzilla.suse.com/1250371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39873"
},
{
"cve": "CVE-2025-39875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix NULL pointer dereference in ethtool loopback test\n\nThe igb driver currently causes a NULL pointer dereference when executing\nthe ethtool loopback test. This occurs because there is no associated\nq_vector for the test ring when it is set up, as interrupts are typically\nnot added to the test rings.\n\nSince commit 5ef44b3cb43b removed the napi_id assignment in\n__xdp_rxq_info_reg(), there is no longer a need to pass a napi_id to it.\nTherefore, simply use 0 as the last parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39875",
"url": "https://www.suse.com/security/cve/CVE-2025-39875"
},
{
"category": "external",
"summary": "SUSE Bug 1250398 for CVE-2025-39875",
"url": "https://bugzilla.suse.com/1250398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39875"
},
{
"cve": "CVE-2025-39877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix use-after-free in state_show()\n\nstate_show() reads kdamond-\u003edamon_ctx without holding damon_sysfs_lock. \nThis allows a use-after-free race:\n\nCPU 0 CPU 1\n----- -----\nstate_show() damon_sysfs_turn_damon_on()\nctx = kdamond-\u003edamon_ctx; mutex_lock(\u0026damon_sysfs_lock);\n damon_destroy_ctx(kdamond-\u003edamon_ctx);\n kdamond-\u003edamon_ctx = NULL;\n mutex_unlock(\u0026damon_sysfs_lock);\ndamon_is_running(ctx); /* ctx is freed */\nmutex_lock(\u0026ctx-\u003ekdamond_lock); /* UAF */\n\n(The race can also occur with damon_sysfs_kdamonds_rm_dirs() and\ndamon_sysfs_kdamond_release(), which free or replace the context under\ndamon_sysfs_lock.)\n\nFix by taking damon_sysfs_lock before dereferencing the context, mirroring\nthe locking used in pid_show().\n\nThe bug has existed since state_show() first accessed kdamond-\u003edamon_ctx.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39877",
"url": "https://www.suse.com/security/cve/CVE-2025-39877"
},
{
"category": "external",
"summary": "SUSE Bug 1250408 for CVE-2025-39877",
"url": "https://bugzilla.suse.com/1250408"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39877"
},
{
"cve": "CVE-2025-39882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: fix potential OF node use-after-free\n\nThe for_each_child_of_node() helper drops the reference it takes to each\nnode as it iterates over children and an explicit of_node_put() is only\nneeded when exiting the loop early.\n\nDrop the recently introduced bogus additional reference count decrement\nat each iteration that could potentially lead to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39882",
"url": "https://www.suse.com/security/cve/CVE-2025-39882"
},
{
"category": "external",
"summary": "SUSE Bug 1250389 for CVE-2025-39882",
"url": "https://bugzilla.suse.com/1250389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39882"
},
{
"cve": "CVE-2025-39884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix subvolume deletion lockup caused by inodes xarray race\n\nThere is a race condition between inode eviction and inode caching that\ncan cause a live struct btrfs_inode to be missing from the root-\u003einodes\nxarray. Specifically, there is a window during evict() between the inode\nbeing unhashed and deleted from the xarray. If btrfs_iget() is called\nfor the same inode in that window, it will be recreated and inserted\ninto the xarray, but then eviction will delete the new entry, leaving\nnothing in the xarray:\n\nThread 1 Thread 2\n---------------------------------------------------------------\nevict()\n remove_inode_hash()\n btrfs_iget_path()\n btrfs_iget_locked()\n btrfs_read_locked_inode()\n btrfs_add_inode_to_root()\n destroy_inode()\n btrfs_destroy_inode()\n btrfs_del_inode_from_root()\n __xa_erase\n\nIn turn, this can cause issues for subvolume deletion. Specifically, if\nan inode is in this lost state, and all other inodes are evicted, then\nbtrfs_del_inode_from_root() will call btrfs_add_dead_root() prematurely.\nIf the lost inode has a delayed_node attached to it, then when\nbtrfs_clean_one_deleted_snapshot() calls btrfs_kill_all_delayed_nodes(),\nit will loop forever because the delayed_nodes xarray will never become\nempty (unless memory pressure forces the inode out). We saw this\nmanifest as soft lockups in production.\n\nFix it by only deleting the xarray entry if it matches the given inode\n(using __xa_cmpxchg()).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39884",
"url": "https://www.suse.com/security/cve/CVE-2025-39884"
},
{
"category": "external",
"summary": "SUSE Bug 1250386 for CVE-2025-39884",
"url": "https://bugzilla.suse.com/1250386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39884"
},
{
"cve": "CVE-2025-39885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix recursive semaphore deadlock in fiemap call\n\nsyzbot detected a OCFS2 hang due to a recursive semaphore on a\nFS_IOC_FIEMAP of the extent list on a specially crafted mmap file.\n\ncontext_switch kernel/sched/core.c:5357 [inline]\n __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961\n __schedule_loop kernel/sched/core.c:7043 [inline]\n schedule+0x165/0x360 kernel/sched/core.c:7058\n schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115\n rwsem_down_write_slowpath+0x872/0xfe0 kernel/locking/rwsem.c:1185\n __down_write_common kernel/locking/rwsem.c:1317 [inline]\n __down_write kernel/locking/rwsem.c:1326 [inline]\n down_write+0x1ab/0x1f0 kernel/locking/rwsem.c:1591\n ocfs2_page_mkwrite+0x2ff/0xc40 fs/ocfs2/mmap.c:142\n do_page_mkwrite+0x14d/0x310 mm/memory.c:3361\n wp_page_shared mm/memory.c:3762 [inline]\n do_wp_page+0x268d/0x5800 mm/memory.c:3981\n handle_pte_fault mm/memory.c:6068 [inline]\n __handle_mm_fault+0x1033/0x5440 mm/memory.c:6195\n handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364\n do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387\n handle_page_fault arch/x86/mm/fault.c:1476 [inline]\n exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532\n asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623\nRIP: 0010:copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]\nRIP: 0010:raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]\nRIP: 0010:_inline_copy_to_user include/linux/uaccess.h:197 [inline]\nRIP: 0010:_copy_to_user+0x85/0xb0 lib/usercopy.c:26\nCode: e8 00 bc f7 fc 4d 39 fc 72 3d 4d 39 ec 77 38 e8 91 b9 f7 fc 4c 89\nf7 89 de e8 47 25 5b fd 0f 01 cb 4c 89 ff 48 89 d9 4c 89 f6 \u003cf3\u003e a4 0f\n1f 00 48 89 cb 0f 01 ca 48 89 d8 5b 41 5c 41 5d 41 5e 41\nRSP: 0018:ffffc9000403f950 EFLAGS: 00050256\nRAX: ffffffff84c7f101 RBX: 0000000000000038 RCX: 0000000000000038\nRDX: 0000000000000000 RSI: ffffc9000403f9e0 RDI: 0000200000000060\nRBP: ffffc9000403fa90 R08: ffffc9000403fa17 R09: 1ffff92000807f42\nR10: dffffc0000000000 R11: fffff52000807f43 R12: 0000200000000098\nR13: 00007ffffffff000 R14: ffffc9000403f9e0 R15: 0000200000000060\n copy_to_user include/linux/uaccess.h:225 [inline]\n fiemap_fill_next_extent+0x1c0/0x390 fs/ioctl.c:145\n ocfs2_fiemap+0x888/0xc90 fs/ocfs2/extent_map.c:806\n ioctl_fiemap fs/ioctl.c:220 [inline]\n do_vfs_ioctl+0x1173/0x1430 fs/ioctl.c:532\n __do_sys_ioctl fs/ioctl.c:596 [inline]\n __se_sys_ioctl+0x82/0x170 fs/ioctl.c:584\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f5f13850fd9\nRSP: 002b:00007ffe3b3518b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f5f13850fd9\nRDX: 0000200000000040 RSI: 00000000c020660b RDI: 0000000000000004\nRBP: 6165627472616568 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe3b3518f0\nR13: 00007ffe3b351b18 R14: 431bde82d7b634db R15: 00007f5f1389a03b\n\nocfs2_fiemap() takes a read lock of the ip_alloc_sem semaphore (since\nv2.6.22-527-g7307de80510a) and calls fiemap_fill_next_extent() to read the\nextent list of this running mmap executable. The user supplied buffer to\nhold the fiemap information page faults calling ocfs2_page_mkwrite() which\nwill take a write lock (since v2.6.27-38-g00dc417fa3e7) of the same\nsemaphore. This recursive semaphore will hold filesystem locks and causes\na hang of the fileystem.\n\nThe ip_alloc_sem protects the inode extent list and size. Release the\nread semphore before calling fiemap_fill_next_extent() in ocfs2_fiemap()\nand ocfs2_fiemap_inline(). This does an unnecessary semaphore lock/unlock\non the last extent but simplifies the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39885",
"url": "https://www.suse.com/security/cve/CVE-2025-39885"
},
{
"category": "external",
"summary": "SUSE Bug 1250407 for CVE-2025-39885",
"url": "https://bugzilla.suse.com/1250407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39885"
},
{
"cve": "CVE-2025-39889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: l2cap: Check encryption key size on incoming connection\n\nThis is required for passing GAP/SEC/SEM/BI-04-C PTS test case:\n Security Mode 4 Level 4, Responder - Invalid Encryption Key Size\n - 128 bit\n\nThis tests the security key with size from 1 to 15 bytes while the\nSecurity Mode 4 Level 4 requests 16 bytes key size.\n\nCurrently PTS fails with the following logs:\n- expected:Connection Response:\n Code: [3 (0x03)] Code\n Identifier: (lt)WildCard: Exists(gt)\n Length: [8 (0x0008)]\n Destination CID: (lt)WildCard: Exists(gt)\n Source CID: [64 (0x0040)]\n Result: [3 (0x0003)] Connection refused - Security block\n Status: (lt)WildCard: Exists(gt),\nbut received:Connection Response:\n Code: [3 (0x03)] Code\n Identifier: [1 (0x01)]\n Length: [8 (0x0008)]\n Destination CID: [64 (0x0040)]\n Source CID: [64 (0x0040)]\n Result: [0 (0x0000)] Connection Successful\n Status: [0 (0x0000)] No further information available\n\nAnd HCI logs:\n\u003c HCI Command: Read Encrypti.. (0x05|0x0008) plen 2\n Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)\n\u003e HCI Event: Command Complete (0x0e) plen 7\n Read Encryption Key Size (0x05|0x0008) ncmd 1\n Status: Success (0x00)\n Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)\n Key size: 7\n\u003e ACL Data RX: Handle 14 flags 0x02 dlen 12\n L2CAP: Connection Request (0x02) ident 1 len 4\n PSM: 4097 (0x1001)\n Source CID: 64\n\u003c ACL Data TX: Handle 14 flags 0x00 dlen 16\n L2CAP: Connection Response (0x03) ident 1 len 8\n Destination CID: 64\n Source CID: 64\n Result: Connection successful (0x0000)\n Status: No further information available (0x0000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39889",
"url": "https://www.suse.com/security/cve/CVE-2025-39889"
},
{
"category": "external",
"summary": "SUSE Bug 1249833 for CVE-2025-39889",
"url": "https://bugzilla.suse.com/1249833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39889"
},
{
"cve": "CVE-2025-39890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix memory leak in ath12k_service_ready_ext_event\n\nCurrently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps\nis not freed in the failure case, causing a memory leak. The following\ntrace is observed in kmemleak:\n\nunreferenced object 0xffff8b3eb5789c00 (size 1024):\n comm \"softirq\", pid 0, jiffies 4294942577\n hex dump (first 32 bytes):\n 00 00 00 00 01 00 00 00 00 00 00 00 7b 00 00 10 ............{...\n 01 00 00 00 00 00 00 00 01 00 00 00 1f 38 00 00 .............8..\n backtrace (crc 44e1c357):\n __kmalloc_noprof+0x30b/0x410\n ath12k_wmi_mac_phy_caps_parse+0x84/0x100 [ath12k]\n ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k]\n ath12k_wmi_svc_rdy_ext_parse+0x308/0x4c0 [ath12k]\n ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k]\n ath12k_service_ready_ext_event.isra.0+0x44/0xd0 [ath12k]\n ath12k_wmi_op_rx+0x2eb/0xd70 [ath12k]\n ath12k_htc_rx_completion_handler+0x1f4/0x330 [ath12k]\n ath12k_ce_recv_process_cb+0x218/0x300 [ath12k]\n ath12k_pci_ce_workqueue+0x1b/0x30 [ath12k]\n process_one_work+0x219/0x680\n bh_worker+0x198/0x1f0\n tasklet_action+0x13/0x30\n handle_softirqs+0xca/0x460\n __irq_exit_rcu+0xbe/0x110\n irq_exit_rcu+0x9/0x30\n\nFree svc_rdy_ext.mac_phy_caps in the error case to fix this memory leak.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39890",
"url": "https://www.suse.com/security/cve/CVE-2025-39890"
},
{
"category": "external",
"summary": "SUSE Bug 1250334 for CVE-2025-39890",
"url": "https://bugzilla.suse.com/1250334"
},
{
"category": "external",
"summary": "SUSE Bug 1250488 for CVE-2025-39890",
"url": "https://bugzilla.suse.com/1250488"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39890"
},
{
"cve": "CVE-2025-39891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Initialize the chan_stats array to zero\n\nThe adapter-\u003echan_stats[] array is initialized in\nmwifiex_init_channel_scan_gap() with vmalloc(), which doesn\u0027t zero out\nmemory. The array is filled in mwifiex_update_chan_statistics()\nand then the user can query the data in mwifiex_cfg80211_dump_survey().\n\nThere are two potential issues here. What if the user calls\nmwifiex_cfg80211_dump_survey() before the data has been filled in.\nAlso the mwifiex_update_chan_statistics() function doesn\u0027t necessarily\ninitialize the whole array. Since the array was not initialized at\nthe start that could result in an information leak.\n\nAlso this array is pretty small. It\u0027s a maximum of 900 bytes so it\u0027s\nmore appropriate to use kcalloc() instead vmalloc().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39891",
"url": "https://www.suse.com/security/cve/CVE-2025-39891"
},
{
"category": "external",
"summary": "SUSE Bug 1250712 for CVE-2025-39891",
"url": "https://bugzilla.suse.com/1250712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39891"
},
{
"cve": "CVE-2025-39896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39896"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Prevent recovery work from being queued during device removal\n\nUse disable_work_sync() instead of cancel_work_sync() in ivpu_dev_fini()\nto ensure that no new recovery work items can be queued after device\nremoval has started. Previously, recovery work could be scheduled even\nafter canceling existing work, potentially leading to use-after-free\nbugs if recovery accessed freed resources.\n\nRename ivpu_pm_cancel_recovery() to ivpu_pm_disable_recovery() to better\nreflect its new behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39896",
"url": "https://www.suse.com/security/cve/CVE-2025-39896"
},
{
"category": "external",
"summary": "SUSE Bug 1250716 for CVE-2025-39896",
"url": "https://bugzilla.suse.com/1250716"
},
{
"category": "external",
"summary": "SUSE Bug 1250717 for CVE-2025-39896",
"url": "https://bugzilla.suse.com/1250717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39896"
},
{
"cve": "CVE-2025-39898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39898"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39898",
"url": "https://www.suse.com/security/cve/CVE-2025-39898"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250742 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "external",
"summary": "SUSE Bug 1250744 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250744"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "important"
}
],
"title": "CVE-2025-39898"
},
{
"cve": "CVE-2025-39899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE\n\nWith CONFIG_HIGHPTE on 32-bit ARM, move_pages_pte() maps PTE pages using\nkmap_local_page(), which requires unmapping in Last-In-First-Out order.\n\nThe current code maps dst_pte first, then src_pte, but unmaps them in the\nsame order (dst_pte, src_pte), violating the LIFO requirement. This\ncauses the warning in kunmap_local_indexed():\n\n WARNING: CPU: 0 PID: 604 at mm/highmem.c:622 kunmap_local_indexed+0x178/0x17c\n addr \\!= __fix_to_virt(FIX_KMAP_BEGIN + idx)\n\nFix this by reversing the unmap order to respect LIFO ordering.\n\nThis issue follows the same pattern as similar fixes:\n- commit eca6828403b8 (\"crypto: skcipher - fix mismatch between mapping and unmapping order\")\n- commit 8cf57c6df818 (\"nilfs2: eliminate staggered calls to kunmap in nilfs_rename\")\n\nBoth of which addressed the same fundamental requirement that kmap_local\noperations must follow LIFO ordering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39899",
"url": "https://www.suse.com/security/cve/CVE-2025-39899"
},
{
"category": "external",
"summary": "SUSE Bug 1250739 for CVE-2025-39899",
"url": "https://bugzilla.suse.com/1250739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39899"
},
{
"cve": "CVE-2025-39900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y\n\nsyzbot reported a WARNING in est_timer() [1]\n\nProblem here is that with CONFIG_PREEMPT_RT=y, timer callbacks\ncan be preempted.\n\nAdopt preempt_disable_nested()/preempt_enable_nested() to fix this.\n\n[1]\n WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 __seqprop_assert include/linux/seqlock.h:221 [inline]\n WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 est_timer+0x6dc/0x9f0 net/core/gen_estimator.c:93\nModules linked in:\nCPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:__seqprop_assert include/linux/seqlock.h:221 [inline]\n RIP: 0010:est_timer+0x6dc/0x9f0 net/core/gen_estimator.c:93\nCall Trace:\n \u003cTASK\u003e\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22c/0x710 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1043\n smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:160\n kthread+0x70e/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39900",
"url": "https://www.suse.com/security/cve/CVE-2025-39900"
},
{
"category": "external",
"summary": "SUSE Bug 1250758 for CVE-2025-39900",
"url": "https://bugzilla.suse.com/1250758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39900"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer\n\nAvoid below overlapping mappings by using a contiguous\nnon-cacheable buffer.\n\n[ 4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST,\noverlapping mappings aren\u0027t supported\n[ 4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 add_dma_entry+0x23c/0x300\n[ 4.097071] Modules linked in:\n[ 4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 6.1.82 #1\n[ 4.106346] Hardware name: STMicroelectronics STM32MP257F VALID1 SNOR / MB1704 (LPDDR4 Power discrete) + MB1703 + MB1708 (SNOR MB1730) (DT)\n[ 4.118824] Workqueue: events_unbound deferred_probe_work_func\n[ 4.124674] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.131624] pc : add_dma_entry+0x23c/0x300\n[ 4.135658] lr : add_dma_entry+0x23c/0x300\n[ 4.139792] sp : ffff800009dbb490\n[ 4.143016] x29: ffff800009dbb4a0 x28: 0000000004008022 x27: ffff8000098a6000\n[ 4.150174] x26: 0000000000000000 x25: ffff8000099e7000 x24: ffff8000099e7de8\n[ 4.157231] x23: 00000000ffffffff x22: 0000000000000000 x21: ffff8000098a6a20\n[ 4.164388] x20: ffff000080964180 x19: ffff800009819ba0 x18: 0000000000000006\n[ 4.171545] x17: 6361727420656e69 x16: 6c6568636163203a x15: 72656c6c6f72746e\n[ 4.178602] x14: 6f632d646e616e2e x13: ffff800009832f58 x12: 00000000000004ec\n[ 4.185759] x11: 00000000000001a4 x10: ffff80000988af58 x9 : ffff800009832f58\n[ 4.192916] x8 : 00000000ffffefff x7 : ffff80000988af58 x6 : 80000000fffff000\n[ 4.199972] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 4.207128] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000812d2c40\n[ 4.214185] Call trace:\n[ 4.216605] add_dma_entry+0x23c/0x300\n[ 4.220338] debug_dma_map_sg+0x198/0x350\n[ 4.224373] __dma_map_sg_attrs+0xa0/0x110\n[ 4.228411] dma_map_sg_attrs+0x10/0x2c\n[ 4.232247] stm32_fmc2_nfc_xfer.isra.0+0x1c8/0x3fc\n[ 4.237088] stm32_fmc2_nfc_seq_read_page+0xc8/0x174\n[ 4.242127] nand_read_oob+0x1d4/0x8e0\n[ 4.245861] mtd_read_oob_std+0x58/0x84\n[ 4.249596] mtd_read_oob+0x90/0x150\n[ 4.253231] mtd_read+0x68/0xac",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39907",
"url": "https://www.suse.com/security/cve/CVE-2025-39907"
},
{
"category": "external",
"summary": "SUSE Bug 1250713 for CVE-2025-39907",
"url": "https://bugzilla.suse.com/1250713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39907"
},
{
"cve": "CVE-2025-39909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()\n\nPatch series \"mm/damon: avoid divide-by-zero in DAMON module\u0027s parameters\napplication\".\n\nDAMON\u0027s RECLAIM and LRU_SORT modules perform no validation on\nuser-configured parameters during application, which may lead to\ndivision-by-zero errors.\n\nAvoid the divide-by-zero by adding validation checks when DAMON modules\nattempt to apply the parameters.\n\n\nThis patch (of 2):\n\nDuring the calculation of \u0027hot_thres\u0027 and \u0027cold_thres\u0027, either\n\u0027sample_interval\u0027 or \u0027aggr_interval\u0027 is used as the divisor, which may\nlead to division-by-zero errors. Fix it by directly returning -EINVAL\nwhen such a case occurs. Additionally, since \u0027aggr_interval\u0027 is already\nrequired to be set no smaller than \u0027sample_interval\u0027 in damon_set_attrs(),\nonly the case where \u0027sample_interval\u0027 is zero needs to be checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39909",
"url": "https://www.suse.com/security/cve/CVE-2025-39909"
},
{
"category": "external",
"summary": "SUSE Bug 1250711 for CVE-2025-39909",
"url": "https://bugzilla.suse.com/1250711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39909"
},
{
"cve": "CVE-2025-39916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()\n\nWhen creating a new scheme of DAMON_RECLAIM, the calculation of\n\u0027min_age_region\u0027 uses \u0027aggr_interval\u0027 as the divisor, which may lead to\ndivision-by-zero errors. Fix it by directly returning -EINVAL when such a\ncase occurs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39916",
"url": "https://www.suse.com/security/cve/CVE-2025-39916"
},
{
"category": "external",
"summary": "SUSE Bug 1250719 for CVE-2025-39916",
"url": "https://bugzilla.suse.com/1250719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39916"
},
{
"cve": "CVE-2025-39918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: fix linked list corruption\n\nNever leave scheduled wcid entries on the temporary on-stack list",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39918",
"url": "https://www.suse.com/security/cve/CVE-2025-39918"
},
{
"category": "external",
"summary": "SUSE Bug 1250729 for CVE-2025-39918",
"url": "https://bugzilla.suse.com/1250729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39918"
},
{
"cve": "CVE-2025-39922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix incorrect map used in eee linkmode\n\nincorrectly used ixgbe_lp_map in loops intended to populate the\nsupported and advertised EEE linkmode bitmaps based on ixgbe_ls_map.\nThis results in incorrect bit setting and potential out-of-bounds\naccess, since ixgbe_lp_map and ixgbe_ls_map have different sizes\nand purposes.\n\nixgbe_lp_map[i] -\u003e ixgbe_ls_map[i]\n\nUse ixgbe_ls_map for supported and advertised linkmodes, and keep\nixgbe_lp_map usage only for link partner (lp_advertised) mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39922",
"url": "https://www.suse.com/security/cve/CVE-2025-39922"
},
{
"category": "external",
"summary": "SUSE Bug 1250722 for CVE-2025-39922",
"url": "https://bugzilla.suse.com/1250722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39922"
},
{
"cve": "CVE-2025-39923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees\n\nWhen we don\u0027t have a clock specified in the device tree, we have no way to\nensure the BAM is on. This is often the case for remotely-controlled or\nremotely-powered BAM instances. In this case, we need to read num-channels\nfrom the DT to have all the necessary information to complete probing.\n\nHowever, at the moment invalid device trees without clock and without\nnum-channels still continue probing, because the error handling is missing\nreturn statements. The driver will then later try to read the number of\nchannels from the registers. This is unsafe, because it relies on boot\nfirmware and lucky timing to succeed. Unfortunately, the lack of proper\nerror handling here has been abused for several Qualcomm SoCs upstream,\ncausing early boot crashes in several situations [1, 2].\n\nAvoid these early crashes by erroring out when any of the required DT\nproperties are missing. Note that this will break some of the existing DTs\nupstream (mainly BAM instances related to the crypto engine). However,\nclearly these DTs have never been tested properly, since the error in the\nkernel log was just ignored. It\u0027s safer to disable the crypto engine for\nthese broken DTBs.\n\n[1]: https://lore.kernel.org/r/CY01EKQVWE36.B9X5TDXAREPF@fairphone.com/\n[2]: https://lore.kernel.org/r/20230626145959.646747-1-krzysztof.kozlowski@linaro.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39923",
"url": "https://www.suse.com/security/cve/CVE-2025-39923"
},
{
"category": "external",
"summary": "SUSE Bug 1250741 for CVE-2025-39923",
"url": "https://bugzilla.suse.com/1250741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39923"
},
{
"cve": "CVE-2025-39925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: implement NETDEV_UNREGISTER notification handler\n\nsyzbot is reporting\n\n unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\nproblem, for j1939 protocol did not have NETDEV_UNREGISTER notification\nhandler for undoing changes made by j1939_sk_bind().\n\nCommit 25fe97cb7620 (\"can: j1939: move j1939_priv_put() into sk_destruct\ncallback\") expects that a call to j1939_priv_put() can be unconditionally\ndelayed until j1939_sk_sock_destruct() is called. But we need to call\nj1939_priv_put() against an extra ref held by j1939_sk_bind() call\n(as a part of undoing changes made by j1939_sk_bind()) as soon as\nNETDEV_UNREGISTER notification fires (i.e. before j1939_sk_sock_destruct()\nis called via j1939_sk_release()). Otherwise, the extra ref on \"struct\nj1939_priv\" held by j1939_sk_bind() call prevents \"struct net_device\" from\ndropping the usage count to 1; making it impossible for\nunregister_netdevice() to continue.\n\n[mkl: remove space in front of label]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39925",
"url": "https://www.suse.com/security/cve/CVE-2025-39925"
},
{
"category": "external",
"summary": "SUSE Bug 1250736 for CVE-2025-39925",
"url": "https://bugzilla.suse.com/1250736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39925"
},
{
"cve": "CVE-2025-39926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenetlink: fix genl_bind() invoking bind() after -EPERM\n\nPer family bind/unbind callbacks were introduced to allow families\nto track multicast group consumer presence, e.g. to start or stop\nproducing events depending on listeners.\n\nHowever, in genl_bind() the bind() callback was invoked even if\ncapability checks failed and ret was set to -EPERM. This means that\ncallbacks could run on behalf of unauthorized callers while the\nsyscall still returned failure to user space.\n\nFix this by only invoking bind() after \"if (ret) break;\" check\ni.e. after permission checks have succeeded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39926",
"url": "https://www.suse.com/security/cve/CVE-2025-39926"
},
{
"category": "external",
"summary": "SUSE Bug 1250737 for CVE-2025-39926",
"url": "https://bugzilla.suse.com/1250737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39926"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-40300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmscape: Add conditional IBPB mitigation\n\nVMSCAPE is a vulnerability that exploits insufficient branch predictor\nisolation between a guest and a userspace hypervisor (like QEMU). Existing\nmitigations already protect kernel/KVM from a malicious guest. Userspace\ncan additionally be protected by flushing the branch predictors after a\nVMexit.\n\nSince it is the userspace that consumes the poisoned branch predictors,\nconditionally issue an IBPB after a VMexit and before returning to\nuserspace. Workloads that frequently switch between hypervisor and\nuserspace will incur the most overhead from the new IBPB.\n\nThis new IBPB is not integrated with the existing IBPB sites. For\ninstance, a task can use the existing speculation control prctl() to\nget an IBPB at context switch time. With this implementation, the\nIBPB is doubled up: one at context switch and another before running\nuserspace.\n\nThe intent is to integrate and optimize these cases post-embargo.\n\n[ dhansen: elaborate on suboptimal IBPB solution ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40300",
"url": "https://www.suse.com/security/cve/CVE-2025-40300"
},
{
"category": "external",
"summary": "SUSE Bug 1249561 for CVE-2025-40300",
"url": "https://bugzilla.suse.com/1249561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-40300"
},
{
"cve": "CVE-2026-38264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-38264"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-38264",
"url": "https://www.suse.com/security/cve/CVE-2026-38264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.6.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.6.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:57Z",
"details": "not set"
}
],
"title": "CVE-2026-38264"
}
]
}
SUSE-SU-2025:21179-1
Vulnerability from csaf_suse - Published: 2025-11-25 07:34 - Updated: 2025-11-25 07:34Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953).
- CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108).
- CVE-2024-57952: Revert "libfs: fix infinite directory reads for offset dir" (bsc#1237131).
- CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324).
- CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435).
- CVE-2025-22077: Revert "smb: client: fix TCP timers deadlock after rmmod" (bsc#1241403).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37821: sched/eevdf: Fix se->slice being set to U64_MAX and resulting (bsc#1242864).
- CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).
- CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659).
- CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).
- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700).
- CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).
- CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).
- CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).
- CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).
- CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).
- CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).
- CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).
- CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).
- CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).
- CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).
- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).
- CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write (bsc#1246185).
- CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248).
- CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245).
- CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351).
- CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366).
- CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376).
- CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444).
- CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).
- CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262).
- CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126).
- CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137).
- CVE-2025-38419: remoteproc: core: Cleanup acquired resources when
rproc_handle_resources() fails in rproc_attach() (bsc#1247136).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).
- CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290).
- CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).
- CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).
- CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).
- CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102).
- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).
- CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).
- CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).
- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).
- CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).
- CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).
- CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190).
- CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202).
- CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).
- CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192).
- CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199).
- CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200).
- CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211).
- CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225).
- CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235).
- CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248299).
- CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374).
- CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365).
- CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343).
- CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368).
- CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357).
- CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392).
- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619).
- CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610).
- CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616).
- CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674).
- CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622).
- CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156).
- CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258).
- CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199).
- CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201).
- CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300).
- CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303).
- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314).
- CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494).
- CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533).
- CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524).
- CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510).
- CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508).
- CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504).
- CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500).
- CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526).
- CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550).
- CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032).
- CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179).
- CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205).
- CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974).
- CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365).
- CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267).
- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).
- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258).
- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297).
- CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251).
- CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294).
- CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398).
- CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722).
- CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483).
- CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387).
The following non-security bugs were fixed:
- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).
- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).
- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).
- ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes).
- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).
- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes).
- ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes).
- ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes).
- ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes).
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: debug: fix signedness issues in read/write helpers (git-fixes).
- ACPI: pfr_update: Fix the driver update version check (git-fixes).
- ACPI: processor: Rescan "dead" SMT siblings during initialization (jsc#PED-13815).
- ACPI: processor: fix acpi_object initialization (stable-fixes).
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes).
- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).
- ACPI: processor: perflib: Move problematic pr->performance check (git-fixes).
- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).
- ACPICA: Fix largest possible resource descriptor index (git-fixes).
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes).
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).
- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes).
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes).
- ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).
- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).
- ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).
- ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes).
- ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes).
- ALSA: hda: Disable jack polling at shutdown (stable-fixes).
- ALSA: hda: Handle the jack polling always via a work (stable-fixes).
- ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes).
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).
- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- ALSA: lx_core: use int type to store negative error codes (git-fixes).
- ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes).
- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
- ALSA: timer: fix ida_free call while not allocated (git-fixes).
- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes).
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes).
- ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes).
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).
- ALSA: usb-audio: Convert comma to semicolon (git-fixes).
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes).
- ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).
- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes).
- ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes).
- ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes).
- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).
- ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes).
- ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes).
- ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes).
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes).
- ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).
- ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).
- ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).
- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).
- ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes).
- ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes).
- ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes).
- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).
- ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes).
- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).
- ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes).
- ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes).
- ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes).
- ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes).
- ASoC: qcom: use drvdata instead of component to keep id (stable-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).
- ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes).
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes).
- ASoC: wm8940: Correct PLL rate rounding (git-fixes).
- ASoC: wm8940: Correct typo in control name (git-fixes).
- ASoC: wm8974: Correct PLL rate rounding (git-fixes).
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes).
- Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes).
- Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes).
- Bluetooth: ISO: free rx_skb if not consumed (git-fixes).
- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes).
- Bluetooth: MGMT: Fix possible UAFs (git-fixes).
- Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).
- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes).
- Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).
- Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes).
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes).
- Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).
- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).
- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).
- Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).
- Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes).
- Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes).
- Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes).
- Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes).
- Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes).
- Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).
- Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes).
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- Disable CET before shutdown by tboot (bsc#1247950).
- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- Documentation/x86: Document new attack vector controls (git-fixes).
- Documentation: ACPI: Fix parent device references (git-fixes).
- Documentation: KVM: Fix unexpected unindent warning (git-fixes).
- Documentation: KVM: Fix unexpected unindent warnings (git-fixes).
- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- Drop ath12k patch that was reverted in the upstream (git-fixes)
- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).
- Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone
using CMA or investigating CMA issues, with a small and simple code base
and no runtime overhead.
- Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325)
- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256).
- Fix bogus i915 patch backport (bsc#1238972) It's been already cherry-picked in 6.12 kernel itself.
- Fix dma_unmap_sg() nents value (git-fixes)
- HID: amd_sfh: Add sync across amd sfh work functions (git-fixes).
- HID: apple: avoid setting up battery timer for devices without battery (git-fixes).
- HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes).
- HID: asus: add support for missing PX series fn keys (stable-fixes).
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).
- HID: core: do not bypass hid_hw_raw_request (stable-fixes).
- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes).
- HID: hidraw: tighten ioctl command parsing (git-fixes).
- HID: input: rename hidinput_set_battery_charge_status() (stable-fixes).
- HID: input: report battery status changes immediately (git-fixes).
- HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes).
- HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes).
- HID: magicmouse: avoid setting up battery timer when not needed (git-fixes).
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).
- HID: quirks: add support for Legion Go dual dinput modes (stable-fixes).
- HID: wacom: Add a new Art Pen 2 (stable-fixes).
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes)
- IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes)
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes).
- Input: iqs7222 - avoid enabling unused interrupts (stable-fixes).
- Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).
- KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).
- KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes).
- KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes).
- KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes).
- KVM: Conditionally reschedule when resetting the dirty ring (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes).
- KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes).
- KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302).
- KVM: TDX: Do not report base TDVMCALLs (git-fixes).
- KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302).
- KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302).
- KVM: TDX: Handle TDG.VP.VMCALL<GetQuote> (jsc#PED-13302).
- KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302).
- KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host's DEBUGCTL (git-fixes).
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302).
- KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes).
- KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes).
- KVM: arm64: Fix error path in init_hyp_mode() (git-fixes).
- KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes).
- KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes).
- KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124).
- KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123).
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).
- KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes).
- KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes).
- KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes).
- KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes).
- KVM: x86: avoid underflow when scaling TSC frequency (git-fixes).
- Limit patch filenames to 100 characters (bsc#1249604).
- Move upstreamed SPI patch into sorted section
- NFS: Fix a race when updating an existing write (git-fixes).
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes).
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes).
- NFSv4.2: another fix for listxattr (git-fixes).
- NFSv4/flexfiles: Fix layout merge mirror check (git-fixes).
- NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes).
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes).
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes).
- NFSv4: Do not clear capabilities that won't be reset (git-fixes).
- Octeontx2-af: Skip overlap check for SPI field (git-fixes).
- PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes).
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes).
- PCI/ERR: Fix uevent on failure to recover (git-fixes).
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes).
- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).
- PCI/pwrctrl: Fix device leak at registration (git-fixes).
- PCI/sysfs: Ensure devices are powered for config reads (git-fixes).
- PCI: Extend isolated function probing to LoongArch (git-fixes).
- PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes).
- PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).
- PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes).
- PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).
- PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes).
- PCI: endpoint: Fix configfs group list head handling (git-fixes).
- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).
- PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes).
- PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes).
- PCI: imx6: Delay link start until configfs 'start' written (git-fixes).
- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings (git-fixes).
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (git-fixes).
- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).
- PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).
- PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).
- PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes).
- PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes).
- PCI: rcar-gen4: Fix PHY initialization (git-fixes).
- PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).
- PCI: rcar-host: Drop PMSR spinlock (git-fixes).
- PCI: rockchip-host: Fix "Unexpected Completion" log message (git-fixes).
- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).
- PCI: rockchip: Use standard PCIe definitions (git-fixes).
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: tegra194: Handle errors in BPMP response (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes).
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes).
- PCI: xilinx-nwl: Fix ECAM programming (git-fixes).
- PM / devfreq: Check governor before using governor->name (git-fixes).
- PM / devfreq: Fix a index typo in trans_stat (git-fixes).
- PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).
- PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes).
- PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes).
- PM: EM: use kfree_rcu() to simplify the code (stable-fixes).
- PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes).
- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).
- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).
- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).
- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).
- PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes).
- PM: sleep: console: Fix the black screen issue (stable-fixes).
- PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes).
- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).
- RAS/AMD/FMPM: Get masked address (bsc#1242034).
- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)
- RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes)
- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)
- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)
- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes)
- RDMA/core: Rate limit GID cache warning messages (git-fixes)
- RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes)
- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)
- RDMA/hns: Drop GFP_NOWARN (git-fixes)
- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)
- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)
- RDMA/hns: Fix accessing uninitialized resources (git-fixes)
- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)
- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)
- RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes)
- RDMA/hns: Get message length of ack_req from FW (git-fixes)
- RDMA/mana_ib: Add device statistics support (bsc#1246651).
- RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135).
- RDMA/mana_ib: Extend modify QP (bsc#1251135).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: add additional port counters (git-fixes).
- RDMA/mana_ib: add support of multiple ports (git-fixes).
- RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes)
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes)
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- RDMA/rxe: Fix race in do_task() when draining (git-fixes)
- RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes)
- RDMA/siw: Always report immediate post SQ errors (git-fixes)
- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)
- README.BRANCH: mfranc@suse.cz leaving SUSE
- RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348).
- Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (git-fixes).
- Reapply "x86/smp: Eliminate mwait_play_dead_cpuid_hint()" (jsc#PED-13815).
- Revert "SUNRPC: Do not allow waiting for exiting tasks" (git-fixes).
- Revert "drm/amdgpu: fix incorrect vm flags to map bo" (stable-fixes).
- Revert "drm/nouveau: check ioctl command codes better" (git-fixes).
- Revert "gpio: mlxbf3: only get IRQ for device instance 0" (git-fixes).
- Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" (git-fixes).
- Revert "mac80211: Dynamically set CoDel parameters per station" (stable-fixes).
- Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" (git-fixes).
- Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (stable-fixes).
- Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" (git-fixes).
- SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes).
- Squashfs: add additional inode sanity checking (git-fixes).
- Squashfs: fix uninit-value in squashfs_get_parent (git-fixes).
- Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes).
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes).
- USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes).
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- USB: serial: option: add Foxconn T99W640 (stable-fixes).
- USB: serial: option: add Foxconn T99W709 (stable-fixes).
- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes).
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- Update config files: revive pwc driver for Leap (bsc#1249060)
- accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes).
- accel/ivpu: Correct DCT interrupt handling (git-fixes).
- accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes).
- accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes).
- accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes).
- amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes).
- aoe: defer rexmit timer downdev work to workqueue (git-fixes).
- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes)
- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes)
- arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes)
- arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes)
- arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes)
- arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes)
- arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes)
- arm64: Handle KCOV __init vs inline mismatches (git-fixes)
- arm64: Mark kernel as tainted on SAE and SError panic (git-fixes)
- arm64: Restrict pagetable teardown to avoid false warning (git-fixes)
- arm64: config: Make tpm_tis_spi module build-in (bsc#1246896)
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)
- arm64: dts: add big-endian property back into watchdog node (git-fixes)
- arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes)
- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes)
- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes)
- arm64: dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes (git-fixes)
- arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes)
- arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes)
- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)
- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)
- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes)
- arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp: Correct thermal sensor index (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes)
- arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes)
- arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes)
- arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes)
- arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes)
- arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes)
- arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes)
- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes).
- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes)
- arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes)
- arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes)
- arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes)
- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes)
- arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes)
- arm64: dts: st: fix timer used for ticks (git-fixes)
- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes)
- arm64: map [_text, _stext) virtual address range (git-fixes)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- arm64: poe: Handle spurious Overlay faults (git-fixes)
- arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes)
- arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes)
- arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes)
- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes)
- arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes)
- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes)
- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes)
- ata: ahci: Disable DIPM if host lacks support (stable-fixes).
- ata: ahci: Disallow LPM policy control if not supported (stable-fixes).
- ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes).
- ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes).
- ata: libata-scsi: Fix CDL control (git-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes).
- batman-adv: fix OOB read/write in network-coding decode (git-fixes).
- benet: fix BUG when creating VFs (git-fixes).
- block: Introduce bio_needs_zone_write_plugging() (git-fixes).
- block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552).
- block: ensure discard_granularity is zero when discard is not supported (git-fixes).
- block: fix kobject leak in blk_unregister_queue (git-fixes).
- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).
- block: sanitize chunk_sectors for atomic write limits (git-fixes).
- bnxt_en: Add a helper function to configure MRU and RSS (git-fixes).
- bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes).
- bnxt_en: Fix DCB ETS validation (git-fixes).
- bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes).
- bnxt_en: Fix stats context reservation logic (git-fixes).
- bnxt_en: Flush FW trace before copying to the coredump (git-fixes).
- bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes).
- bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes).
- bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes)
- bpf, arm64: Fix fp initialization for exception boundary (git-fixes)
- bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes).
- bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes).
- bpf: Adjust free target to avoid global starvation of LRU map (git-fixes).
- bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes).
- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).
- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).
- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).
- bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes).
- bpf: Forget ranges when refining tnum after JSET (git-fixes).
- bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes).
- bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes).
- bpf: Reject %p% format string in bprintf-like helpers (git-fixes).
- bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes).
- bpf: Reject narrower access to pointer ctx fields (git-fixes).
- bpf: Return prog btf_id without capable check (git-fixes).
- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).
- bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes).
- bpf: fix possible endless loop in BPF map iteration (git-fixes).
- btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes).
- btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes).
- btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes).
- btrfs: add debug build only WARN (bsc#1249038).
- btrfs: add function comment for check_committed_ref() (git-fixes).
- btrfs: always abort transaction on failure to add block group to free space tree (git-fixes).
- btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes).
- btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes).
- btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes).
- btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes).
- btrfs: codify pattern for adding block_group to bg_list (git-fixes).
- btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038).
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).
- btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).
- btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes).
- btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: enhance ASSERT() to take optional format string (bsc#1249038).
- btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes).
- btrfs: exit after state split error at set_extent_bit() (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949).
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes).
- btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes).
- btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes).
- btrfs: fix incorrect log message for nobarrier mount option (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid extref key setup when replaying dentry (git-fixes).
- btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes).
- btrfs: fix race between logging inode and checking if it was logged before (git-fixes).
- btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes).
- btrfs: fix squota compressed stats leak (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes).
- btrfs: fix the inode leak in btrfs_iget() (git-fixes).
- btrfs: fix two misuses of folio_shift() (git-fixes).
- btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes).
- btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038).
- btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes).
- btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes).
- btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes).
- btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes).
- btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes).
- btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes).
- btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes).
- btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes).
- btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes).
- btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949).
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes).
- btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes).
- btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes).
- btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes).
- btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes).
- btrfs: qgroup: remove no longer used fs_info->qgroup_ulist (git-fixes).
- btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes).
- btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes).
- btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes).
- btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes).
- btrfs: remove redundant path release when replaying a log tree (git-fixes).
- btrfs: remove the snapshot check from check_committed_ref() (git-fixes).
- btrfs: restore mount option info messages during mount (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: return any hit error from extent_writepage_io() (git-fixes).
- btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes).
- btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes).
- btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949).
- btrfs: simplify error detection flow during log replay (git-fixes).
- btrfs: simplify return logic at check_committed_ref() (git-fixes).
- btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes).
- btrfs: unfold transaction aborts when replaying log trees (git-fixes).
- btrfs: unify ordering of btrfs_key initializations (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- btrfs: use filemap_get_folio() helper (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes).
- btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes).
- btrfs: use verbose ASSERT() in volumes.c (bsc#1249038).
- build_bug.h: Add KABI assert (bsc#1249186).
- bus: firewall: Fix missing static inline annotations for stubs (git-fixes).
- bus: fsl-mc: Check return value of platform_get_resource() (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: ep: Fix chained transfer handling in read path (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes).
- bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes).
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes).
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes).
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- can: peak_usb: fix shift-out-of-bounds issue (git-fixes).
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes).
- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).
- cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166).
- cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166).
- cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405).
- cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405).
- cgroup: llist: avoid memory tears for llist_node (bsc#1247963).
- cgroup: make css_rstat_updated nmi safe (bsc#1247963).
- cgroup: remove per-cpu per-subsystem locks (bsc#1247963).
- cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963).
- char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: at91: sam9x7: update pll clk ranges (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: imx95-blk-ctl: Fix synchronous abort (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).
- clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes).
- clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes).
- clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes).
- clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes).
- clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes).
- clk: samsung: exynos850: fix a comment (git-fixes).
- clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes).
- clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).
- clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).
- comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes).
- comedi: fix race between polling and detaching (git-fixes).
- comedi: pcl726: Prevent invalid irq number (git-fixes).
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes).
- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes).
- config.sh: SLFO 1.2 branched in IBS
- config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206)
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- cpu: Define attack vectors (git-fixes).
- cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes).
- cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes).
- cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes)
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes)
- cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes).
- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes).
- cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes).
- cpufreq: Exit governor when failed to start old governor (stable-fixes).
- cpufreq: Init policy->rwsem before it may be possibly used (git-fixes).
- cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes).
- cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes).
- cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes).
- cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes).
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes).
- cpufreq: armada-8k: make both cpu masks static (git-fixes).
- cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes).
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes).
- cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes).
- cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes).
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes).
- cpufreq: mediatek: fix device leak on probe failure (git-fixes).
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).
- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).
- cpufreq: scpi: compare kHz instead of Hz (git-fixes).
- cpufreq: sun50i: prevent out-of-bounds access (git-fixes).
- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).
- cpufreq: tegra186: Share policy per cluster (stable-fixes).
- cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes).
- crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes).
- crypto: atmel - Fix dma_unmap_sg() direction (git-fixes).
- crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes).
- crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).
- crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes).
- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).
- crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes).
- crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes).
- crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: jitter - fix intermediary handling (stable-fixes).
- crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes).
- crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes).
- crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes).
- crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes).
- crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: rng - Ensure set_ent is always present (git-fixes).
- crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- devlink: Add support for u64 parameters (jsc#PED-13331).
- devlink: avoid param type value translations (jsc#PED-13331).
- devlink: define enum for attr types of dynamic attributes (jsc#PED-13331).
- devlink: introduce devlink_nl_put_u64() (jsc#PED-13331).
- devlink: let driver opt out of automatic phys_port_name generation (git-fixes).
- dm-mpath: do not print the "loaded" message if registering fails (git-fixes).
- dm-stripe: limit chunk_sectors to the stripe size (git-fixes).
- dm-table: fix checking for rq stackable devices (git-fixes).
- dm: Check for forbidden splitting of zone write operations (git-fixes).
- dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes).
- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes).
- dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes).
- dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes).
- dmaengine: idxd: Fix refcount underflow on module unload (git-fixes).
- dmaengine: idxd: Remove improper idxd_free (git-fixes).
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes).
- dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes).
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes).
- docs: admin-guide: update to current minimum pipe size default (git-fixes).
- dpll: Add basic Microchip ZL3073x support (jsc#PED-13331).
- dpll: Make ZL3073X invisible (jsc#PED-13331).
- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331).
- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331).
- dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331).
- dpll: zl3073x: Fix build failure (jsc#PED-13331).
- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331).
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331).
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331).
- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331).
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331).
- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).
- drivers/base/node: fix double free in register_one_node() (git-fixes).
- drivers/base/node: handle error properly in register_one_node() (git-fixes).
- drivers: base: handle module_kobject creation (git-fixes).
- drm/amd : Update MES API header file for v11 & v12 (stable-fixes).
- drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes).
- drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes).
- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).
- drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes).
- drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).
- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).
- drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).
- drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).
- drm/amd/display: Allow DCN301 to clear update flags (git-fixes).
- drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes).
- drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).
- drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).
- drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).
- drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes).
- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes).
- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).
- drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121).
- drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes).
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes).
- drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/display: Do not print errors for nonexistent connectors (git-fixes).
- drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes).
- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).
- drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes).
- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).
- drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes).
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).
- drm/amd/display: Fix mismatch type comparison (stable-fixes).
- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).
- drm/amd/display: Free memory allocation (stable-fixes).
- drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes).
- drm/amd/display: Initialize mode_select to 0 (stable-fixes).
- drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/display: Remove redundant semicolons (git-fixes).
- drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).
- drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes).
- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).
- drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes).
- drm/amd/display: fix dmub access race condition (bsc#1243112).
- drm/amd/display: fix initial backlight brightness calculation (git-fixes).
- drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes).
- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).
- drm/amd/display: remove output_tf_change flag (git-fixes).
- drm/amd/display: use udelay rather than fsleep (git-fixes).
- drm/amd/include : MES v11 and v12 API header update (stable-fixes).
- drm/amd/include : Update MES v12 API for fence update (stable-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes).
- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes).
- drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes).
- drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes).
- drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes).
- drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes).
- drm/amd/pm: fix null pointer access (stable-fixes).
- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (bsc#1243112).
- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).
- drm/amd: Fix hybrid sleep (bsc#1243112).
- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).
- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).
- drm/amd: Restore cached power limit during resume (stable-fixes).
- drm/amdgpu/discovery: fix fw based ip discovery (git-fixes).
- drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes).
- drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes).
- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).
- drm/amdgpu/mes: add missing locking in helper functions (stable-fixes).
- drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes).
- drm/amdgpu/mes: optimize compute loop handling (stable-fixes).
- drm/amdgpu/swm14: Update power limit logic (stable-fixes).
- drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes).
- drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes).
- drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes).
- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).
- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).
- drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes).
- drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes).
- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).
- drm/amdgpu: Increase reset counter only on success (stable-fixes).
- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).
- drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes).
- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).
- drm/amdgpu: Report individual reset error (bsc#1243112).
- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).
- drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes).
- drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes).
- drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes).
- drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes).
- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).
- drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes).
- drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes).
- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).
- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).
- drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).
- drm/amdgpu: fix vram reservation issue (git-fixes).
- drm/amdgpu: remove the redeclaration of variable i (git-fixes).
- drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).
- drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes).
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes).
- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).
- drm/ast: Use msleep instead of mdelay for edid read (git-fixes).
- drm/bridge: fix OF node leak (git-fixes).
- drm/bridge: it6505: select REGMAP_I2C (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes).
- drm/cirrus-qemu: Fix pitch programming (git-fixes).
- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).
- drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121).
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).
- drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121).
- drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121).
- drm/edid: Define the quirks in an enum list (bsc#1248121).
- drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes).
- drm/gem: Internally test import_attach for imported objects (git-fixes).
- drm/gem: Test for imported GEM buffers with helper (stable-fixes).
- drm/gma500: Fix null dereference in hdmi teardown (git-fixes).
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).
- drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes).
- drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes).
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes).
- drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes).
- drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes).
- drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes).
- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).
- drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes).
- drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes).
- drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes).
- drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes).
- drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes).
- drm/i915/icl+/tc: Cache the max lane count value (stable-fixes).
- drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes).
- drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes).
- drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes).
- drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes).
- drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).
- drm/mediatek: fix potential OF node use-after-free (git-fixes).
- drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm/dpu: fix incorrect type for ret (git-fixes).
- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).
- drm/msm: Add error handling for krealloc in metadata setup (stable-fixes).
- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).
- drm/msm: update the high bitfield of certain DSI registers (git-fixes).
- drm/msm: use trylock for debugfs (stable-fixes).
- drm/nouveau/disp: Always accept linear modifier (git-fixes).
- drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes).
- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).
- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).
- drm/nouveau: fix typos in comments (git-fixes).
- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).
- drm/nouveau: remove unused memory target test (git-fixes).
- drm/panel: novatek-nt35560: Fix invalid return value (git-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).
- drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes).
- drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes).
- drm/panthor: validate group queue count (git-fixes).
- drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes).
- drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/simpledrm: Do not upcast in release helpers (git-fixes).
- drm/tests: Fix endian warning (git-fixes).
- drm/ttm: Respect the shrinker core free target (stable-fixes).
- drm/ttm: Should to return the evict error (stable-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- drm/xe/bmg: Add new PCI IDs (stable-fixes).
- drm/xe/bmg: Add one additional PCI ID (stable-fixes).
- drm/xe/bmg: Update Wa_22019338487 (git-fixes).
- drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes).
- drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes).
- drm/xe/mocs: Initialize MOCS index early (stable-fixes).
- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).
- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).
- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).
- drm/xe/tile: Release kobject for the failure path (git-fixes).
- drm/xe/uapi: Correct sync type definition in comments (git-fixes).
- drm/xe/uapi: loosen used tracking restriction (git-fixes).
- drm/xe/vf: Disable CSC support on VF (git-fixes).
- drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes).
- drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes).
- drm/xe/xe_sync: avoid race during ufence signaling (git-fixes).
- drm/xe: Allow dropping kunit dependency as built-in (git-fixes).
- drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes).
- drm/xe: Carve out wopcm portion from the stolen memory (git-fixes).
- drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes).
- drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes).
- drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes).
- drm/xe: Fix build without debugfs (git-fixes).
- drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes).
- drm/xe: Move page fault init after topology init (git-fixes).
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes).
- drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes).
- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331).
- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331).
- e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes).
- e1000e: ignore uninitialized checksum word on tgp (git-fixes).
- efi: stmm: Fix incorrect buffer allocation method (git-fixes).
- erofs: avoid reading more for fragment maps (git-fixes).
- erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes).
- execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes).
- exfat: add cluster chain loop check for dir (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- ext4: remove writable userspace mappings before truncating page cache (bsc#1247223).
- fbcon: Fix OOB access in font allocation (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbcon: fix integer overflow in fbcon_do_set_font (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).
- fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes).
- fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes).
- firewire: core: fix overlooked update of subsystem ABI version (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes).
- firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes).
- firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes).
- firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes).
- firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes).
- firmware: firmware: meson-sm: fix compile-test default (git-fixes).
- firmware: meson_sm: fix device leak at probe (git-fixes).
- firmware: tegra: Fix IVC dependency problems (stable-fixes).
- flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes).
- fs/nfs/io: make nfs_start_io_*() killable (git-fixes).
- fs/proc/task_mmu: check p->vec_buf for NULL (git-fixes).
- fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450
- ftrace: Fix function profiler's filtering functionality (git-fixes).
- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).
- gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220).
- gfs2: Clean up delete work processing (bsc#1247220).
- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220).
- gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220).
- gfs2: Minor delete_work_func cleanup (bsc#1247220).
- gfs2: Only defer deletes when we have an iopen glock (bsc#1247220).
- gfs2: Prevent inode creation race (2) (bsc#1247220).
- gfs2: Prevent inode creation race (bsc#1247220).
- gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220).
- gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (bsc#1247220).
- gfs2: Rename dinode_demise to evict_behavior (bsc#1247220).
- gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220).
- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220).
- gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220).
- gfs2: Update to the evict / remote delete documentation (bsc#1247220).
- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220).
- gfs2: gfs2_evict_inode clarification (bsc#1247220).
- gfs2: minor evict fix (bsc#1247220).
- gfs2: skip if we cannot defer delete (bsc#1247220).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).
- gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- gpiolib: Extend software-node support to support secondary software-nodes (git-fixes).
- gve: Fix stuck TX queue for DQ queue format (git-fixes).
- gve: prevent ethtool ops after shutdown (git-fixes).
- habanalabs: fix UAF in export_dmabuf() (git-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).
- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).
- hv_netvsc: Link queues to NAPIs (git-fixes).
- hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes).
- hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes).
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- hwrng: nomadik - add ARM_AMBA dependency (git-fixes).
- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).
- i2c: designware: Add disabling clocks when probe fails (git-fixes).
- i2c: designware: Add quirk for Intel Xe (stable-fixes).
- i2c: designware: Fix clock issue when PM is disabled (git-fixes).
- i2c: designware: Use temporary variable for struct device (stable-fixes).
- i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes).
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes).
- i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes).
- i2c: omap: Add support for setting mux (stable-fixes).
- i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes).
- i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes).
- i2c: omap: fix deprecated of_property_read_bool() use (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: tegra: Use internal reset when reset property is not available (bsc#1249143)
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: Fix default I2C adapter timeout value (git-fixes).
- i3c: add missing include to internal header (stable-fixes).
- i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).
- i3c: master: svc: Recycle unused IBI slot (git-fixes).
- i3c: master: svc: Use manual response for IBI events (git-fixes).
- i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes).
- i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes).
- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes).
- ice, irdma: fix an off by one in error handling code (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice/ptp: fix crosstimestamp reporting (git-fixes).
- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
- ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762).
- ice: check correct pointer in fwlog debugfs (git-fixes).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: do not leave device non-functional if Tx scheduler config fails (git-fixes).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728).
- ice: fix incorrect counter for buffer allocation failures (git-fixes).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: init flow director before RDMA (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- ice: use fixed adapter index for E825C embedded devices (git-fixes).
- idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762).
- idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762).
- idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762).
- idpf: add cross timestamping (jsc#PED-13728).
- idpf: add flow steering support (jsc#PED-13728).
- idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762).
- idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762).
- idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762).
- idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728).
- idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762).
- idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762).
- idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728).
- idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762).
- idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).
- idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).
- idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762).
- idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762).
- idpf: improve when to set RE bit logic (jsc#PED-13728).
- idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762).
- idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762).
- idpf: preserve coalescing settings across resets (jsc#PED-13728).
- idpf: remove obsolete stashing code (jsc#PED-13728).
- idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762).
- idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728).
- idpf: set mac type when adding and removing MAC filters (jsc#PED-13728).
- idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728).
- idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728).
- idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762).
- igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes).
- igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes).
- igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes).
- iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762).
- iio/adc/pac1934: fix channel disable configuration (git-fixes).
- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes).
- iio: accel: fxls8962af: Fix temperature calculation (git-fixes).
- iio: adc: ad7173: fix setting ODR in probe (git-fixes).
- iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes).
- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).
- iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes).
- iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes).
- iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes).
- iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes).
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes).
- iio: dac: ad5360: use int type to store negative error codes (git-fixes).
- iio: dac: ad5421: use int type to store negative error codes (git-fixes).
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes).
- iio: frequency: adf4350: Fix prescaler usage (git-fixes).
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes).
- iio: hid-sensor-prox: Restore lost scale assignments (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes).
- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes).
- iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes).
- iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes).
- iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).
- iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).
- iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes).
- iio: light: as73211: Ensure buffer holes are zeroed (git-fixes).
- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).
- iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes).
- iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).
- iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes).
- iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes).
- iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes).
- integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).
- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).
- intel_idle: Rescan "dead" SMT siblings during initialization (jsc#PED-13815).
- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).
- interconnect: qcom: sc8180x: specify num_nodes (git-fixes).
- interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes).
- io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting.
- io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542).
- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).
- iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes).
- iommu/amd: Fix alias device DTE setting (git-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement (git-fixes).
- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).
- iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes).
- iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- iommu: Handle race with default domain setup (git-fixes).
- iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).
- ipmi: Fix strcpy source and destination the same (stable-fixes).
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).
- ipv6: annotate data-races around rt->fib6_nsiblings (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- isolcpus: add missing hunk back (bsc#1236897 bsc#1249206).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410).
- ixgbe: prevent from unwanted interface name changes (git-fixes).
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes).
- kABI fix after Add TDX support for vSphere (jsc#PED-13302).
- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- kABI fix after KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes).
- kABI workaround for "drm/dp: Add an EDID quirk for the DPCD register access probe" (bsc#1248121).
- kABI workaround for amd_sfh (git-fixes).
- kABI workaround for drm_gem.h (git-fixes).
- kABI workaround for struct mtk_base_afe changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes).
- kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes).
- kABI: netfilter: supress warnings for nft_set_ops (git-fixes).
- kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes).
- kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally
- kabi/severities: ignore two unused/dropped symbols from MEI
- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).
- kabi: Restore layout of parallel_data (bsc1248343).
- kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963).
- kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes).
- kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655).
- kbuild: rust: add rustc-min-version support function (git-fixes)
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel: globalize lookup_or_create_module_kobject() (stable-fixes).
- kernel: param: rename locate_module_kobject (stable-fixes).
- leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes).
- leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes).
- leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).
- leds: leds-lp55xx: Use correct address for memory programming (git-fixes).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes).
- libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762).
- livepatch: Add stack_order sysfs attribute (poo#187320).
- loop: use kiocb helpers to fix lockdep warning (git-fixes).
- lpfc: do not use file->f_path.dentry for comparisons (bsc#1250519).
- mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes).
- mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).
- mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes).
- mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes).
- mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes).
- mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes).
- mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes).
- mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes).
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).
- maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes).
- maple_tree: fix status setup on restore to active (git-fixes).
- maple_tree: fix testing for 32 bit builds (git-fixes).
- mctp: no longer rely on net->dev_index_head (git-fixes).
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- md: allow removing faulty rdev during resync (git-fixes).
- md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes).
- md: make rdev_addable usable for rcu mode (git-fixes).
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes).
- media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes).
- media: cx18: Add missing check after DMA map (git-fixes).
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).
- media: dvb-frontends: w7090p: fix null-ptr-deref in
w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: Fix reset GPIO timings (stable-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: i2c: mt9v111: fix incorrect type for ret (git-fixes).
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ipu-bridge: Add _HID for OV5670 (stable-fixes).
- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).
- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).
- media: lirc: Fix error handling in lirc_register() (git-fixes).
- media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes).
- media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: pci: ivtv: Add missing check after DMA map (git-fixes).
- media: pci: mg4b: fix uninitialized iio scan data (git-fixes).
- media: pisp_be: Fix pm_runtime underrun in probe (git-fixes).
- media: qcom: camss: cleanup media device allocated resource on error path (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: rc: fix races with imon_disconnect() (git-fixes).
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes).
- media: s5p-mfc: remove an unused/uninitialized variable (git-fixes).
- media: st-delta: avoid excessive stack usage (git-fixes).
- media: tc358743: Check I2C succeeded during probe (stable-fixes).
- media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).
- media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes).
- media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes).
- media: ti: j721e-csi2rx: fix list_del corruption (git-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).
- media: usb: hdpvr: disable zero-length read messages (stable-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes).
- media: uvcvideo: Rollback non processed entities on error (git-fixes).
- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes).
- media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: Fix MSM8998 frequency table (git-fixes).
- media: venus: Fix OOB read due to missing payload bound check (git-fixes).
- media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- media: zoran: Remove zoran_fh structure (git-fixes).
- mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).
- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).
- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).
- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).
- mei: vsc: Event notifier fixes (git-fixes).
- mei: vsc: Fix "BUG: Invalid wait context" lockdep error (git-fixes).
- mei: vsc: Run event callback from a workqueue (git-fixes).
- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8186 (git-fixes).
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes).
- memstick: Fix deadlock by moving removing flag earlier (git-fixes).
- mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes).
- mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes).
- mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes).
- mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes).
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes).
- microchip: lan865x: Fix LAN8651 autoloading (git-fixes).
- microchip: lan865x: Fix module autoloading (git-fixes).
- microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes).
- microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).
- misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes).
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (git-fixes).
- misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes).
- mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes).
- mm/damon/core: set quota->charged_from to jiffies at first charge window (git-fixes).
- mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes).
- mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes).
- mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes).
- mm/damon/sysfs: fix use-after-free in state_show() (git-fixes).
- mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087).
- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)
- mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes).
- mm: close theoretical race where stale TLB entries could linger (git-fixes).
- mm: fault in complete folios instead of individual pages for tmpfs (git-fixes).
- mm: fix the inaccurate memory statistics issue for users (bsc#1244723).
- mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes).
- mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes).
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630).
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630).
- mm: move page table sync declarations to linux/pgtable.h (git-fixes).
- mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes).
- mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes).
- mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).
- mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes).
- mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes).
- mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes).
- mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes).
- mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).
- mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- most: core: Drop device reference after usage in get_channel() (git-fixes).
- mptcp: fix spurious wake-up on under memory pressure (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: omap2: fix device leak on probe failure (git-fixes).
- mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes).
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER (git-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes).
- net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes).
- net/mlx5: CT: Use the correct counter offset (git-fixes).
- net/mlx5: Check device memory pointer before usage (git-fixes).
- net/mlx5: Correctly set gso_segs when LRO is used (git-fixes).
- net/mlx5: Correctly set gso_size when LRO is used (git-fixes).
- net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes).
- net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes).
- net/mlx5: Fix memory leak in cmd_exec() (git-fixes).
- net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes).
- net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes).
- net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes).
- net/mlx5: Nack sync reset when SFs are present (git-fixes).
- net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes).
- net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes).
- net/mlx5e: Add new prio for promiscuous mode (git-fixes).
- net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes).
- net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes).
- net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes).
- net/mlx5e: Set local Xoff after FW update (git-fixes).
- net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes).
- net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes).
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes).
- net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes).
- net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes).
- net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes).
- net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes).
- net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes).
- net: ieee8021q: fix insufficient table-size assertion (stable-fixes).
- net: llc: reset skb->transport_header (git-fixes).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726).
- net: mana: Add support for net_shaper_ops (bsc#1245726).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes).
- net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728).
- net: mana: Handle unsupported HWC commands (bsc#1245726).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mctp: handle skb cleanup on sock_queue failures (git-fixes).
- net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes).
- net: nfc: nci: Add parameter validation for packet data (git-fixes).
- net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes).
- net: phy: bcm54811: PHY initialization (stable-fixes).
- net: phy: fix phy_uses_state_machine() (git-fixes).
- net: phy: micrel: Add ksz9131_resume() (stable-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes).
- net: rose: convert 'use' field to refcount_t (git-fixes).
- net: rose: fix a typo in rose_clear_routes() (git-fixes).
- net: rose: include node references in rose_neigh refcount (git-fixes).
- net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes).
- net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).
- net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).
- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).
- net: usb: cdc-ncm: check for filtering capability (git-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes).
- net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes).
- net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netfilter: ctnetlink: fix refcount leak on table dump (git-fixes).
- netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes).
- netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes).
- netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes).
- netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes).
- netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes).
- netfilter: nf_tables: adjust lockdep assertions handling (git-fixes).
- netfilter: nf_tables: fix set size with rbtree backend (git-fixes).
- netfilter: nf_tables: imbalance in flowtable binding (git-fixes).
- netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes).
- netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes).
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes).
- netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes).
- netfilter: nft_tunnel: fix geneve_opt dump (git-fixes).
- netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes).
- netlink: fix policy dump for int with validation callback (jsc#PED-13331).
- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs/localio: add direct IO enablement with sync and async IO support (git-fixes).
- nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes).
- nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes).
- nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nouveau: fix disabling the nonstall irq due to storm code (git-fixes).
- nvme-auth: update bi_directional flag (git-fixes).
- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).
- nvme-pci: try function level reset on init failure (git-fixes).
- nvme-tcp: log TLS handshake failures at error level (git-fixes).
- nvme-tcp: send only permitted commands for secure concat (git-fixes).
- nvme: fix PI insert on write (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- nvmet: exit debugfs after discovery subsystem exits (git-fixes).
- nvmet: initialize discovery subsys after debugfs is initialized (git-fixes).
- nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes).
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes).
- objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes).
- objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes).
- of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes).
- of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes).
- of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes).
- of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes).
- of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes).
- of: unittest: Unlock on error in unittest_data_add() (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pNFS: Fix disk addr range check in block/scsi layout (git-fixes).
- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).
- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).
- pNFS: Handle RPC size limit for layoutcommits (git-fixes).
- percpu: fix race on alloc failed warning limit (git-fixes).
- perf bpf-event: Fix use-after-free in synthesis (git-fixes).
- perf bpf-utils: Constify bpil_array_desc (git-fixes).
- perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes).
- perf dso: Add missed dso__put to dso__load_kcore (git-fixes).
- perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes).
- perf parse-events: Set default GH modifier properly (git-fixes).
- perf record: Cache build-ID of hit DSOs only (git-fixes).
- perf sched: Fix memory leaks for evsel->priv in timehist (git-fixes).
- perf sched: Fix memory leaks in 'perf sched latency' (git-fixes).
- perf sched: Fix memory leaks in 'perf sched map' (git-fixes).
- perf sched: Fix thread leaks in 'perf sched timehist' (git-fixes).
- perf sched: Free thread->priv using priv_destructor (git-fixes).
- perf sched: Make sure it frees the usage string (git-fixes).
- perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes).
- perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes).
- perf test: Fix a build error in x86 topdown test (git-fixes).
- perf tests bp_account: Fix leaked file descriptor (git-fixes).
- perf tools: Remove libtraceevent in .gitignore (git-fixes).
- perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes).
- perf trace: Remove --map-dump documentation (git-fixes).
- phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes).
- phy: mscc: Fix parsing of unicast frames (git-fixes).
- phy: mscc: Fix timestamping for vsc8584 (git-fixes).
- phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes).
- phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes).
- phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes).
- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).
- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes).
- phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors (git-fixes).
- phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes).
- phy: tegra: xusb: fix device and OF node leak at probe (git-fixes).
- phy: ti-pipe3: fix device leak at unbind (git-fixes).
- phy: ti: omap-usb2: fix device leak at unbind (git-fixes).
- pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113).
- pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562).
- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).
- pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes).
- pinctrl: equilibrium: Remove redundant semicolons (git-fixes).
- pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes).
- pinctrl: renesas: Use int type to store negative error codes (git-fixes).
- pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes).
- pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes).
- pinctrl: stm32: Manage irq affinity settings (stable-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes).
- platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).
- platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes).
- platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes).
- platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes).
- platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).
- platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes).
- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes).
- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).
- platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes).
- platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes).
- platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes).
- platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes).
- platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes).
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes).
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: cw2015: Fix a alignment coding style issue (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- power: supply: max77976_charger: fix constant current reporting (git-fixes).
- power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).
- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).
- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes).
- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes).
- powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).
- powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).
- powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes).
- powerpc: do not build ppc_save_regs.o always (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- pptp: fix pptp_xmit() error path (git-fixes).
- printk: nbcon: Allow reacquire during panic (bsc#1246688).
- psample: adjust size if rate_as_probability is set (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes).
- pwm: berlin: Fix wrong register in suspend/resume (git-fixes).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Fix duty and period setting (git-fixes).
- pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).
- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).
- pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes).
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes).
- pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes).
- pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes).
- r8169: add support for RTL8125D (stable-fixes).
- r8169: disable RTL8126 ZRX-DC timeout (stable-fixes).
- r8169: do not scan PHY addresses > 0 (stable-fixes).
- rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes)
- regmap: Remove superfluous check for !config in __regmap_init() (git-fixes).
- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).
- regulator: scmi: Use int type to store negative error codes (git-fixes).
- regulator: sy7636a: fix lifecycle of power good gpio (git-fixes).
- reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).
- reset: eyeq: fix OF node leak (git-fixes).
- resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762).
- resource: fix false warning in __request_region() (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- ring-buffer: Make reading page consistent with the code logic (git-fixes).
- rpm/config.sh: SLFO 1.2 is now synced to OBS as well
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868).
- s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477).
- s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061).
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes).
- s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes).
- s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372).
- s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838).
- s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066).
- s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366).
- s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478).
- s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes).
- s390/sclp: Fix SCCB present check (git-fixes bsc#1249065).
- s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062).
- s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064).
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).
- samples: mei: Fix building on musl libc (git-fixes).
- sched/deadline: Always stop dl-server before changing parameters (bsc#1247936).
- sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936).
- sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936).
- sched/deadline: Fix dl_server_stopped() (bsc#1247936).
- sched/deadline: Initialize dl_servers after SMP (git-fixes)
- sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes)
- scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" (git-fixes).
- scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).
- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).
- scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519).
- scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519).
- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).
- scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186).
- scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186).
- scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186).
- scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186).
- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).
- scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186).
- scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).
- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).
- scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186).
- scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186).
- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).
- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes).
- scsi: qla2xxx: Remove firmware URL (git-fixes).
- scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes).
- scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes).
- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).
- scsi: smartpqi: Enhance WWID logging logic (bsc#1246631).
- scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631).
- scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631).
- scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes).
- scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes).
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes).
- scsi: ufs: core: Add missing post notify for power mode change (git-fixes).
- scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes).
- scsi: ufs: core: Always initialize the UIC done completion (git-fixes).
- scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes).
- scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes).
- scsi: ufs: core: Fix error return with query response (git-fixes).
- scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes).
- scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes).
- scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes).
- scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes).
- scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes).
- scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes).
- scsi: ufs: core: Remove redundant query_complete trace (git-fixes).
- scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes).
- scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes).
- scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes).
- scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes).
- scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes).
- scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes).
- scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes).
- scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes).
- scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes).
- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes).
- scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes).
- scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes).
- scsi: ufs: exynos: Remove empty drv_init method (git-fixes).
- scsi: ufs: exynos: Remove superfluous function parameter (git-fixes).
- scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes).
- scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes).
- scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes).
- scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes).
- scsi: ufs: qcom: Fix crypto key eviction (git-fixes).
- scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes).
- scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes).
- scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes).
- seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671).
- selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320).
- selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344).
- selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320).
- selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320).
- selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320).
- selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320).
- selftests/tracing: Fix false failure of subsystem event test (git-fixes).
- selftests: ALSA: fix memory leak in utimer test (git-fixes).
- selftests: livepatch: add new ftrace helpers functions (poo#187320).
- selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320).
- selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320).
- selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320).
- selftests: livepatch: save and restore kprobe state (poo#187320).
- selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320).
- selftests: livepatch: test livepatching a kprobed function (poo#187320).
- selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443).
- selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes).
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes).
- serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688).
- serial: 8250: fix panic due to PSLVERR (git-fixes).
- serial: max310x: Add error checking in probe() (git-fixes).
- serial: sc16is7xx: fix bug in flow control levels init (git-fixes).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).
- smb: client: fix netns refcount leak after net_passive changes (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).
- soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes).
- soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes).
- soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes).
- soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes).
- soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes).
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes).
- soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes).
- soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes).
- soundwire: amd: fix for handling slave alerts after link is down (git-fixes).
- soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: bcm2835: Remove redundant semicolons (git-fixes).
- spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes).
- spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes).
- spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979).
- spi: fix return code when spi device has too many chipselects (git-fixes).
- spi: mtk-snfi: Remove redundant semicolons (git-fixes).
- spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes).
- spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes).
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes).
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes).
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes).
- spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes).
- sprintf.h requires stdarg.h (git-fixes).
- sprintf.h: mask additional include (git-fixes).
- squashfs: fix memory leak in squashfs_fill_super (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).
- staging: axis-fifo: fix maximum TX packet length check (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).
- struct cdc_ncm_ctx: move new member to end (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- sunrpc: fix handling of server side tls alerts (git-fixes).
- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).
- supported.conf: Mark ZL3073X modules supported
- supported.conf: mark hyperv_drm as external
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes).
- thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes).
- thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes).
- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).
- thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes).
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).
- thunderbolt: Compare HMAC values in constant time (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes).
- tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes).
- tools/power turbostat: Fix build with musl (stable-fixes).
- tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes).
- tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes).
- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).
- trace/fgraph: Fix error handling (git-fixes).
- trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes).
- tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).
- tracing: Fix filter string testing (git-fixes).
- tracing: Fix using ret variable in tracing_set_tracer() (git-fixes).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- tracing: Switch trace.c code over to use guard() (git-fixes).
- tracing: Switch trace_events_hist.c code over to use guard() (git-fixes).
- tracing: fprobe events: Fix possible UAF on modules (git-fixes).
- tracing: tprobe-events: Fix leakage of module refcount (git-fixes).
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062).
- tty: n_gsm: Do not block input queue by waiting MSC (git-fixes).
- tty: serial: fix print format specifiers (stable-fixes).
- ublk: sanity check add_dev input for underflow (git-fixes).
- ublk: use vmalloc for ublk_device's __queues (git-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes).
- usb: core: Add 0x prefix to quirks debug output (stable-fixes).
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).
- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).
- usb: core: usb_submit_urb: downgrade type check (stable-fixes).
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).
- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).
- usb: dwc3: imx8mp: fix device leak at unbind (git-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).
- usb: dwc3: qcom: Do not leave BCR asserted (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).
- usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes).
- usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).
- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes).
- usb: typec: fusb302: cache PD RX state (git-fixes).
- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes).
- usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes).
- usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).
- usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).
- usb: xhci: Avoid showing errors during surprise removal (stable-fixes).
- usb: xhci: Avoid showing warnings for dying controller (stable-fixes).
- usb: xhci: Fix slot_id resource race conflict (git-fixes).
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).
- usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes).
- use uniform permission checks for all mount propagation changes (git-fixes).
- vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes).
- vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes).
- vhost-scsi: Fix log flooding with target does not exist errors (git-fixes).
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes).
- vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes).
- vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes).
- vhost: Reintroduce kthread API and add mode selection (git-fixes).
- vhost: fail early when __vhost_add_used() fails (git-fixes).
- virtchnl2: add flow steering support (jsc#PED-13728).
- virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728).
- virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762).
- virtio_net: Enforce minimum TX ring size for reliability (git-fixes).
- virtio_ring: Fix error reporting in virtqueue_resize (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes).
- vsock/virtio: Validate length in packet header before skb_put() (git-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: dw_wdt: Fix default timeout (stable-fixes).
- watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes).
- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes).
- wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes).
- wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix group data packet drops during rekey (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952).
- wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).
- wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).
- wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).
- wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).
- wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes).
- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes).
- wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath12k: fix the fetching of combined rssi (git-fixes).
- wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: ath12k: fix wrong logging ID used for CE (git-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: cfg80211: Fix interface type validation (stable-fixes).
- wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes).
- wifi: cfg80211: reject HTC bit for management frames (stable-fixes).
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes).
- wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes).
- wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).
- wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: Remove redundant header files (git-fixes).
- wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084).
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).
- wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes).
- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).
- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: iwlwifi: uefi: check DSM item validity (git-fixes).
- wifi: libertas: cap SSID len in lbs_associate() (git-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).
- wifi: mac80211: avoid weird state in error path (stable-fixes).
- wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).
- wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes).
- wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes).
- wifi: mac80211: fix incorrect type for ret (stable-fixes).
- wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).
- wifi: mac80211: increase scan_ies_len for S1G (stable-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).
- wifi: mt76: fix linked list corruption (git-fixes).
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes).
- wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes).
- wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes).
- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).
- wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes).
- wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes).
- wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes).
- wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes).
- wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes).
- wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes).
- wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes).
- wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes).
- wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes).
- wifi: mwifiex: send world regulatory domain to driver (git-fixes).
- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes).
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes).
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).
- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).
- wifi: rtw88: Fix macid assigned to TDLS station (git-fixes).
- wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).
- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes).
- wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes).
- wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes).
- wifi: virt_wifi: Fix page fault on connect (stable-fixes).
- wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes).
- writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776).
- writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776).
- writeback: Avoid excessively long inode switching times (bsc#1237776).
- writeback: Avoid softlockup when switching many inodes (bsc#1237776).
- x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704).
- x86/Kconfig: Add arch attack vector support (git-fixes).
- x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes).
- x86/boot: Sanitize boot params before parsing command line (git-fixes).
- x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes).
- x86/bugs: Add attack vector controls for BHI (git-fixes).
- x86/bugs: Add attack vector controls for GDS (git-fixes).
- x86/bugs: Add attack vector controls for ITS (git-fixes).
- x86/bugs: Add attack vector controls for L1TF (git-fixes).
- x86/bugs: Add attack vector controls for MDS (git-fixes).
- x86/bugs: Add attack vector controls for MMIO (git-fixes).
- x86/bugs: Add attack vector controls for RFDS (git-fixes).
- x86/bugs: Add attack vector controls for SRBDS (git-fixes).
- x86/bugs: Add attack vector controls for SRSO (git-fixes).
- x86/bugs: Add attack vector controls for SSB (git-fixes).
- x86/bugs: Add attack vector controls for TAA (git-fixes).
- x86/bugs: Add attack vector controls for TSA (git-fixes).
- x86/bugs: Add attack vector controls for retbleed (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v1 (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v2 (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes).
- x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes).
- x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes).
- x86/bugs: Avoid warning when overriding return thunk (git-fixes).
- x86/bugs: Clean up SRSO microcode handling (git-fixes).
- x86/bugs: Define attack vectors relevant for each bug (git-fixes).
- x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes).
- x86/bugs: Introduce cdt_possible() (git-fixes).
- x86/bugs: Print enabled attack vectors (git-fixes).
- x86/bugs: Remove its=stuff dependency on retbleed (git-fixes).
- x86/bugs: Select best SRSO mitigation (git-fixes).
- x86/bugs: Simplify the retbleed=stuff checks (git-fixes).
- x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes).
- x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes).
- x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes).
- x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes).
- x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes).
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).
- x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes).
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes).
- x86/fpu: Delay instruction pointer fixup until after warning (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes).
- x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes).
- x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes).
- x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes).
- x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes).
- x86/microcode: Consolidate the loader enablement checking (git-fixes).
- x86/microcode: Update the Intel processor flag scan check (git-fixes).
- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes).
- x86/mm/pat: do not collapse pages without PSE set (git-fixes).
- x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (git-fixes).
- x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (git-fixes).
- x86/pkeys: Simplify PKRU update in signal frame (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/pti: Add attack vector controls for PTI (git-fixes).
- x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes).
- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).
- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).
- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).
- x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes).
- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes).
- xen/netfront: Fix TX response spurious interrupts (git-fixes).
- xen: fix UAF in dmabuf_exp_from_pages() (git-fixes).
- xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO (git-fixes).
- xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes).
- xfs: do not propagate ENODATA disk errors into xattr code (git-fixes).
- xfs: fix scrub trace with null pointer in quotacheck (git-fixes).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_discard_rtrelax (git-fixes).
- xfs: remove unused trace event xfs_log_cil_return (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes).
- xhci: dbc: decouple endpoint allocation from initialization (git-fixes).
- xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes).
- xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes).
- zram: permit only one post-processing operation at a time (git-fixes).
Patchnames
SUSE-SLES-HA-16.0-50
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).\n- CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953).\n- CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108).\n- CVE-2024-57952: Revert \"libfs: fix infinite directory reads for offset dir\" (bsc#1237131).\n- CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324).\n- CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435).\n- CVE-2025-22077: Revert \"smb: client: fix TCP timers deadlock after rmmod\" (bsc#1241403).\n- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).\n- CVE-2025-37821: sched/eevdf: Fix se-\u003eslice being set to U64_MAX and resulting (bsc#1242864).\n- CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000).\n- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).\n- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).\n- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).\n- CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000).\n- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).\n- CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812).\n- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).\n- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).\n- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).\n- CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659).\n- CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).\n- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).\n- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).\n- CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700).\n- CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).\n- CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).\n- CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).\n- CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763).\n- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).\n- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).\n- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).\n- CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).\n- CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).\n- CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).\n- CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).\n- CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).\n- CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).\n- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).\n- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).\n- CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176).\n- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).\n- CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).\n- CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).\n- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).\n- CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter-\u003ememcg_path on write (bsc#1246185).\n- CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248).\n- CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245).\n- CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252).\n- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).\n- CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351).\n- CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366).\n- CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376).\n- CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444).\n- CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447).\n- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).\n- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).\n- CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260).\n- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).\n- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).\n- CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782).\n- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).\n- CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).\n- CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).\n- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).\n- CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024).\n- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).\n- CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250).\n- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).\n- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).\n- CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262).\n- CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126).\n- CVE-2025-38418: remoteproc: core: Release rproc-\u003eclean_table after rproc_attach() fails (bsc#1247137).\n- CVE-2025-38419: remoteproc: core: Cleanup acquired resources when\n rproc_handle_resources() fails in rproc_attach() (bsc#1247136).\n- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).\n- CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).\n- CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290).\n- CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).\n- CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).\n- CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).\n- CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102).\n- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).\n- CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099).\n- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).\n- CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).\n- CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).\n- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).\n- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).\n- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).\n- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).\n- CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).\n- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).\n- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).\n- CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).\n- CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).\n- CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283).\n- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).\n- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).\n- CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190).\n- CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202).\n- CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).\n- CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192).\n- CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199).\n- CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200).\n- CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211).\n- CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225).\n- CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224).\n- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).\n- CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235).\n- CVE-2025-38554: mm: fix a UAF when vma-\u003emm is freed after vma-\u003evm_refcnt got dropped (bsc#1248299).\n- CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296).\n- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).\n- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374).\n- CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401).\n- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).\n- CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365).\n- CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343).\n- CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368).\n- CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357).\n- CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378).\n- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).\n- CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392).\n- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512).\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).\n- CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619).\n- CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610).\n- CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616).\n- CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674).\n- CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622).\n- CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).\n- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).\n- CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634).\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).\n- CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775).\n- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).\n- CVE-2025-38684: net/sched: ets: use old \u0027nbands\u0027 while purging unused classes (bsc#1249156).\n- CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258).\n- CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199).\n- CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201).\n- CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172).\n- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300).\n- CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303).\n- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).\n- CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322).\n- CVE-2025-39703: net, hsr: reject HSR frame if skb can\u0027t hold tag (bsc#1249315).\n- CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314).\n- CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494).\n- CVE-2025-39749: rcu: Protect -\u003edefer_qs_iw_pending from data race (bsc#1249533).\n- CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524).\n- CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510).\n- CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508).\n- CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504).\n- CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500).\n- CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526).\n- CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550).\n- CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618).\n- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI (bsc#1249608).\n- CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032).\n- CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906).\n- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).\n- CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179).\n- CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205).\n- CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974).\n- CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365).\n- CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267).\n- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).\n- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258).\n- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).\n- CVE-2025-39854: ice: fix NULL access of tx-\u003ein_use in ice_ll_ts_intr (bsc#1250297).\n- CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251).\n- CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294).\n- CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398).\n- CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407).\n- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).\n- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722).\n- CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483).\n- CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387).\n\nThe following non-security bugs were fixed:\n\n- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).\n- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).\n- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).\n- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).\n- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).\n- ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes).\n- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).\n- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes).\n- ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes).\n- ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes).\n- ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes).\n- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes).\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- ACPI: debug: fix signedness issues in read/write helpers (git-fixes).\n- ACPI: pfr_update: Fix the driver update version check (git-fixes).\n- ACPI: processor: Rescan \"dead\" SMT siblings during initialization (jsc#PED-13815).\n- ACPI: processor: fix acpi_object initialization (stable-fixes).\n- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes).\n- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).\n- ACPI: processor: perflib: Move problematic pr-\u003eperformance check (git-fixes).\n- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).\n- ACPICA: Fix largest possible resource descriptor index (git-fixes).\n- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes).\n- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).\n- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).\n- ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes).\n- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes).\n- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).\n- ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes).\n- ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes).\n- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes).\n- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes).\n- ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes).\n- ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes).\n- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).\n- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).\n- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).\n- ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes).\n- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).\n- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).\n- ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).\n- ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes).\n- ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes).\n- ALSA: hda: Disable jack polling at shutdown (stable-fixes).\n- ALSA: hda: Handle the jack polling always via a work (stable-fixes).\n- ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes).\n- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).\n- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).\n- ALSA: lx_core: use int type to store negative error codes (git-fixes).\n- ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes).\n- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).\n- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).\n- ALSA: timer: fix ida_free call while not allocated (git-fixes).\n- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes).\n- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes).\n- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes).\n- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes).\n- ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes).\n- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).\n- ALSA: usb-audio: Convert comma to semicolon (git-fixes).\n- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes).\n- ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).\n- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes).\n- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).\n- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).\n- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).\n- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes).\n- ALSA: usb-audio: move mixer_quirks\u0027 min_mute into common quirk (stable-fixes).\n- ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).\n- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes).\n- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes).\n- ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes).\n- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).\n- ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes).\n- ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes).\n- ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes).\n- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes).\n- ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes).\n- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).\n- ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes).\n- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).\n- ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes).\n- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).\n- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).\n- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).\n- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).\n- ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).\n- ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes).\n- ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes).\n- ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes).\n- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).\n- ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes).\n- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).\n- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).\n- ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes).\n- ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes).\n- ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).\n- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).\n- ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes).\n- ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes).\n- ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes).\n- ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes).\n- ASoC: qcom: use drvdata instead of component to keep id (stable-fixes).\n- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).\n- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).\n- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).\n- ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes).\n- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes).\n- ASoC: wm8940: Correct PLL rate rounding (git-fixes).\n- ASoC: wm8940: Correct typo in control name (git-fixes).\n- ASoC: wm8974: Correct PLL rate rounding (git-fixes).\n- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes).\n- Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes).\n- Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes).\n- Bluetooth: ISO: free rx_skb if not consumed (git-fixes).\n- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes).\n- Bluetooth: MGMT: Fix possible UAFs (git-fixes).\n- Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes).\n- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).\n- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).\n- Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes).\n- Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).\n- Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes).\n- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).\n- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes).\n- Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).\n- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).\n- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).\n- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).\n- Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).\n- Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes).\n- Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes).\n- Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes).\n- Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes).\n- Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes).\n- Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).\n- Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes).\n- CONFIG \u0026 no reference -\u003e OK temporarily, must be resolved eventually\n- Disable CET before shutdown by tboot (bsc#1247950).\n- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).\n- Documentation/x86: Document new attack vector controls (git-fixes).\n- Documentation: ACPI: Fix parent device references (git-fixes).\n- Documentation: KVM: Fix unexpected unindent warning (git-fixes).\n- Documentation: KVM: Fix unexpected unindent warnings (git-fixes).\n- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).\n- Drop ath12k patch that was reverted in the upstream (git-fixes)\n- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).\n- Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone\n using CMA or investigating CMA issues, with a small and simple code base\n and no runtime overhead.\n- Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325)\n- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256).\n- Fix bogus i915 patch backport (bsc#1238972) It\u0027s been already cherry-picked in 6.12 kernel itself.\n- Fix dma_unmap_sg() nents value (git-fixes)\n- HID: amd_sfh: Add sync across amd sfh work functions (git-fixes).\n- HID: apple: avoid setting up battery timer for devices without battery (git-fixes).\n- HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes).\n- HID: asus: add support for missing PX series fn keys (stable-fixes).\n- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).\n- HID: core: do not bypass hid_hw_raw_request (stable-fixes).\n- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).\n- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes).\n- HID: hidraw: tighten ioctl command parsing (git-fixes).\n- HID: input: rename hidinput_set_battery_charge_status() (stable-fixes).\n- HID: input: report battery status changes immediately (git-fixes).\n- HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes).\n- HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes).\n- HID: magicmouse: avoid setting up battery timer when not needed (git-fixes).\n- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).\n- HID: quirks: add support for Legion Go dual dinput modes (stable-fixes).\n- HID: wacom: Add a new Art Pen 2 (stable-fixes).\n- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes)\n- IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes)\n- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes).\n- Input: iqs7222 - avoid enabling unused interrupts (stable-fixes).\n- Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes).\n- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).\n- KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes).\n- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).\n- KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes).\n- KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes).\n- KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes).\n- KVM: Conditionally reschedule when resetting the dirty ring (git-fixes).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes).\n- KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).\n- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes).\n- KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302).\n- KVM: TDX: Do not report base TDVMCALLs (git-fixes).\n- KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302).\n- KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302).\n- KVM: TDX: Handle TDG.VP.VMCALL\u0026lt;GetQuote\u003e (jsc#PED-13302).\n- KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302).\n- KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host\u0027s DEBUGCTL (git-fixes).\n- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).\n- KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302).\n- KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes).\n- KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes).\n- KVM: arm64: Fix error path in init_hyp_mode() (git-fixes).\n- KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes).\n- KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes).\n- KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124).\n- KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123).\n- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).\n- KVM: x86/xen: Allow \u0027out of range\u0027 event channel ports in IRQ routing table (git-fixes).\n- KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes).\n- KVM: x86: Convert vcpu_run()\u0027s immediate exit param into a generic bitmap (git-fixes).\n- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes).\n- KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes).\n- KVM: x86: avoid underflow when scaling TSC frequency (git-fixes).\n- Limit patch filenames to 100 characters (bsc#1249604).\n- Move upstreamed SPI patch into sorted section\n- NFS: Fix a race when updating an existing write (git-fixes).\n- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).\n- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).\n- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).\n- NFS: Fixup allocation flags for nfsiod\u0027s __GFP_NORETRY (git-fixes).\n- NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes).\n- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).\n- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).\n- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).\n- NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes).\n- NFSv4.2: another fix for listxattr (git-fixes).\n- NFSv4/flexfiles: Fix layout merge mirror check (git-fixes).\n- NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes).\n- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes).\n- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes).\n- NFSv4: Do not clear capabilities that won\u0027t be reset (git-fixes).\n- Octeontx2-af: Skip overlap check for SPI field (git-fixes).\n- PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes).\n- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).\n- PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes).\n- PCI/ERR: Fix uevent on failure to recover (git-fixes).\n- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes).\n- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).\n- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).\n- PCI/pwrctrl: Fix device leak at registration (git-fixes).\n- PCI/sysfs: Ensure devices are powered for config reads (git-fixes).\n- PCI: Extend isolated function probing to LoongArch (git-fixes).\n- PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes).\n- PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).\n- PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes).\n- PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).\n- PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes).\n- PCI: endpoint: Fix configfs group list head handling (git-fixes).\n- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).\n- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).\n- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).\n- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).\n- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).\n- PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes).\n- PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes).\n- PCI: imx6: Delay link start until configfs \u0027start\u0027 written (git-fixes).\n- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).\n- PCI: j721e: Fix incorrect error message in probe() (git-fixes).\n- PCI: j721e: Fix programming sequence of \"strap\" settings (git-fixes).\n- PCI: keystone: Use devm_request_irq() to free \"ks-pcie-error-irq\" on exit (git-fixes).\n- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).\n- PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).\n- PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).\n- PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes).\n- PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes).\n- PCI: rcar-gen4: Fix PHY initialization (git-fixes).\n- PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes).\n- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).\n- PCI: rcar-host: Drop PMSR spinlock (git-fixes).\n- PCI: rockchip-host: Fix \"Unexpected Completion\" log message (git-fixes).\n- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).\n- PCI: rockchip: Use standard PCIe definitions (git-fixes).\n- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes).\n- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).\n- PCI: tegra194: Handle errors in BPMP response (git-fixes).\n- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).\n- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes).\n- PCI: tegra: Fix devm_kcalloc() argument order for port-\u003ephys allocation (git-fixes).\n- PCI: xilinx-nwl: Fix ECAM programming (git-fixes).\n- PM / devfreq: Check governor before using governor-\u003ename (git-fixes).\n- PM / devfreq: Fix a index typo in trans_stat (git-fixes).\n- PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).\n- PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes).\n- PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes).\n- PM: EM: use kfree_rcu() to simplify the code (stable-fixes).\n- PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes).\n- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).\n- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).\n- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).\n- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).\n- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).\n- PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes).\n- PM: sleep: console: Fix the black screen issue (stable-fixes).\n- PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes).\n- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).\n- RAS/AMD/FMPM: Get masked address (bsc#1242034).\n- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)\n- RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes)\n- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)\n- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)\n- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)\n- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes)\n- RDMA/core: Rate limit GID cache warning messages (git-fixes)\n- RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes)\n- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)\n- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)\n- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)\n- RDMA/hns: Drop GFP_NOWARN (git-fixes)\n- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)\n- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)\n- RDMA/hns: Fix accessing uninitialized resources (git-fixes)\n- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)\n- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)\n- RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes)\n- RDMA/hns: Get message length of ack_req from FW (git-fixes)\n- RDMA/mana_ib: Add device statistics support (bsc#1246651).\n- RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135).\n- RDMA/mana_ib: Extend modify QP (bsc#1251135).\n- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).\n- RDMA/mana_ib: add additional port counters (git-fixes).\n- RDMA/mana_ib: add support of multiple ports (git-fixes).\n- RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes)\n- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn\u0027t set (git-fixes)\n- RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes)\n- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)\n- RDMA/rxe: Fix race in do_task() when draining (git-fixes)\n- RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes)\n- RDMA/siw: Always report immediate post SQ errors (git-fixes)\n- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)\n- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)\n- README.BRANCH: mfranc@suse.cz leaving SUSE\n- RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348).\n- Reapply \"wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue()\" (git-fixes).\n- Reapply \"x86/smp: Eliminate mwait_play_dead_cpuid_hint()\" (jsc#PED-13815).\n- Revert \"SUNRPC: Do not allow waiting for exiting tasks\" (git-fixes).\n- Revert \"drm/amdgpu: fix incorrect vm flags to map bo\" (stable-fixes).\n- Revert \"drm/nouveau: check ioctl command codes better\" (git-fixes).\n- Revert \"gpio: mlxbf3: only get IRQ for device instance 0\" (git-fixes).\n- Revert \"leds: trigger: netdev: Configure LED blink interval for HW offload\" (git-fixes).\n- Revert \"mac80211: Dynamically set CoDel parameters per station\" (stable-fixes).\n- Revert \"usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running\" (git-fixes).\n- Revert \"vgacon: Add check for vc_origin address range in vgacon_scroll()\" (stable-fixes).\n- Revert \"wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO\" (git-fixes).\n- SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes).\n- Squashfs: add additional inode sanity checking (git-fixes).\n- Squashfs: fix uninit-value in squashfs_get_parent (git-fixes).\n- Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes).\n- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes).\n- USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes).\n- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).\n- USB: serial: option: add Foxconn T99W640 (stable-fixes).\n- USB: serial: option: add Foxconn T99W709 (stable-fixes).\n- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes).\n- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).\n- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).\n- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.\n- Update config files: revive pwc driver for Leap (bsc#1249060)\n- accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes).\n- accel/ivpu: Correct DCT interrupt handling (git-fixes).\n- accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes).\n- accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes).\n- accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes).\n- amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes).\n- aoe: defer rexmit timer downdev work to workqueue (git-fixes).\n- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).\n- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes)\n- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes)\n- arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes)\n- arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes)\n- arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes)\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes)\n- arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes)\n- arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes)\n- arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes)\n- arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes)\n- arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes)\n- arm64: Filter out SME hwcaps when FEAT_SME isn\u0027t implemented (git-fixes)\n- arm64: Handle KCOV __init vs inline mismatches (git-fixes)\n- arm64: Mark kernel as tainted on SAE and SError panic (git-fixes)\n- arm64: Restrict pagetable teardown to avoid false warning (git-fixes)\n- arm64: config: Make tpm_tis_spi module build-in (bsc#1246896)\n- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)\n- arm64: dts: add big-endian property back into watchdog node (git-fixes)\n- arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes)\n- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes)\n- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes)\n- arm64: dts: exynos: gs101: Add \u0027local-timer-stop\u0027 to cpuidle nodes (git-fixes)\n- arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes)\n- arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes)\n- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes)\n- arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)\n- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes)\n- arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)\n- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes)\n- arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes)\n- arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes)\n- arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes)\n- arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes)\n- arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes)\n- arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes)\n- arm64: dts: imx8mp: Correct thermal sensor index (git-fixes)\n- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes)\n- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes)\n- arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes)\n- arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes)\n- arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes)\n- arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes)\n- arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes)\n- arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes)\n- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes).\n- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes)\n- arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes)\n- arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes)\n- arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes)\n- arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes)\n- arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes)\n- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes)\n- arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes)\n- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes)\n- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes)\n- arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes)\n- arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes)\n- arm64: dts: st: fix timer used for ticks (git-fixes)\n- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes)\n- arm64: map [_text, _stext) virtual address range (git-fixes)\n- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)\n- arm64: poe: Handle spurious Overlay faults (git-fixes)\n- arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes)\n- arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes)\n- arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes)\n- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes)\n- arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes)\n- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes)\n- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes)\n- ata: ahci: Disable DIPM if host lacks support (stable-fixes).\n- ata: ahci: Disallow LPM policy control if not supported (stable-fixes).\n- ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes).\n- ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes).\n- ata: libata-scsi: Fix CDL control (git-fixes).\n- audit,module: restore audit logging in load failure case (git-fixes).\n- ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes).\n- batman-adv: fix OOB read/write in network-coding decode (git-fixes).\n- benet: fix BUG when creating VFs (git-fixes).\n- block: Introduce bio_needs_zone_write_plugging() (git-fixes).\n- block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552).\n- block: ensure discard_granularity is zero when discard is not supported (git-fixes).\n- block: fix kobject leak in blk_unregister_queue (git-fixes).\n- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).\n- block: sanitize chunk_sectors for atomic write limits (git-fixes).\n- bnxt_en: Add a helper function to configure MRU and RSS (git-fixes).\n- bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes).\n- bnxt_en: Fix DCB ETS validation (git-fixes).\n- bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes).\n- bnxt_en: Fix stats context reservation logic (git-fixes).\n- bnxt_en: Flush FW trace before copying to the coredump (git-fixes).\n- bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes).\n- bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes).\n- bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes)\n- bpf, arm64: Fix fp initialization for exception boundary (git-fixes)\n- bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes).\n- bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes).\n- bpf: Adjust free target to avoid global starvation of LRU map (git-fixes).\n- bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes).\n- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).\n- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).\n- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).\n- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).\n- bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes).\n- bpf: Forget ranges when refining tnum after JSET (git-fixes).\n- bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes).\n- bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes).\n- bpf: Reject %p% format string in bprintf-like helpers (git-fixes).\n- bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes).\n- bpf: Reject narrower access to pointer ctx fields (git-fixes).\n- bpf: Return prog btf_id without capable check (git-fixes).\n- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).\n- bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes).\n- bpf: fix possible endless loop in BPF map iteration (git-fixes).\n- btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes).\n- btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes).\n- btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes).\n- btrfs: add debug build only WARN (bsc#1249038).\n- btrfs: add function comment for check_committed_ref() (git-fixes).\n- btrfs: always abort transaction on failure to add block group to free space tree (git-fixes).\n- btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes).\n- btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes).\n- btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes).\n- btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes).\n- btrfs: codify pattern for adding block_group to bg_list (git-fixes).\n- btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038).\n- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).\n- btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).\n- btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540).\n- btrfs: do not ignore inode missing when replaying log tree (git-fixes).\n- btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes).\n- btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949).\n- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).\n- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).\n- btrfs: enhance ASSERT() to take optional format string (bsc#1249038).\n- btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes).\n- btrfs: exit after state split error at set_extent_bit() (git-fixes).\n- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)\n- btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949).\n- btrfs: fix assertion when building free space tree (git-fixes).\n- btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes).\n- btrfs: fix data overwriting bug during buffered write when block size \u0026lt; page size (git-fixes).\n- btrfs: fix data race when accessing the inode\u0027s disk_i_size at btrfs_drop_extents() (git-fixes).\n- btrfs: fix incorrect log message for nobarrier mount option (git-fixes).\n- btrfs: fix inode lookup error handling during log replay (git-fixes).\n- btrfs: fix invalid extref key setup when replaying dentry (git-fixes).\n- btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes).\n- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).\n- btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes).\n- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).\n- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).\n- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).\n- btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes).\n- btrfs: fix race between logging inode and checking if it was logged before (git-fixes).\n- btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes).\n- btrfs: fix squota compressed stats leak (git-fixes).\n- btrfs: fix ssd_spread overallocation (git-fixes).\n- btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes).\n- btrfs: fix the inode leak in btrfs_iget() (git-fixes).\n- btrfs: fix two misuses of folio_shift() (git-fixes).\n- btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes).\n- btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038).\n- btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes).\n- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)\n- btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes).\n- btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes).\n- btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes).\n- btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes).\n- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes).\n- btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes).\n- btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes).\n- btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes).\n- btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes).\n- btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes).\n- btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949).\n- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).\n- btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes).\n- btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes).\n- btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes).\n- btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes).\n- btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes).\n- btrfs: qgroup: remove no longer used fs_info-\u003eqgroup_ulist (git-fixes).\n- btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes).\n- btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes).\n- btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes).\n- btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes).\n- btrfs: remove redundant path release when replaying a log tree (git-fixes).\n- btrfs: remove the snapshot check from check_committed_ref() (git-fixes).\n- btrfs: restore mount option info messages during mount (git-fixes).\n- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).\n- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).\n- btrfs: return any hit error from extent_writepage_io() (git-fixes).\n- btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes).\n- btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes).\n- btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949).\n- btrfs: simplify error detection flow during log replay (git-fixes).\n- btrfs: simplify return logic at check_committed_ref() (git-fixes).\n- btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes).\n- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).\n- btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes).\n- btrfs: unfold transaction aborts when replaying log trees (git-fixes).\n- btrfs: unify ordering of btrfs_key initializations (git-fixes).\n- btrfs: update superblock\u0027s device bytes_used when dropping chunk (git-fixes).\n- btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949).\n- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).\n- btrfs: use filemap_get_folio() helper (git-fixes).\n- btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes).\n- btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes).\n- btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes).\n- btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes).\n- btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes).\n- btrfs: use verbose ASSERT() in volumes.c (bsc#1249038).\n- build_bug.h: Add KABI assert (bsc#1249186).\n- bus: firewall: Fix missing static inline annotations for stubs (git-fixes).\n- bus: fsl-mc: Check return value of platform_get_resource() (git-fixes).\n- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).\n- bus: mhi: ep: Fix chained transfer handling in read path (git-fixes).\n- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).\n- bus: mhi: host: Do not use uninitialized \u0027dev\u0027 pointer in mhi_init_irq_setup() (git-fixes).\n- bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes).\n- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).\n- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).\n- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).\n- can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes).\n- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes).\n- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes).\n- can: kvaser_pciefd: Store device channel index (git-fixes).\n- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).\n- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).\n- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).\n- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).\n- can: peak_usb: fix shift-out-of-bounds issue (git-fixes).\n- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes).\n- can: rcar_canfd: Fix controller mode setting (stable-fixes).\n- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).\n- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes).\n- cdc-acm: fix race between initial clearing halt and open (git-fixes).\n- cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes).\n- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).\n- cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166).\n- cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166).\n- cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405).\n- cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405).\n- cgroup: llist: avoid memory tears for llist_node (bsc#1247963).\n- cgroup: make css_rstat_updated nmi safe (bsc#1247963).\n- cgroup: remove per-cpu per-subsystem locks (bsc#1247963).\n- cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963).\n- char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).\n- clk: at91: peripheral: fix return value (git-fixes).\n- clk: at91: sam9x7: update pll clk ranges (git-fixes).\n- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).\n- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).\n- clk: imx95-blk-ctl: Fix synchronous abort (git-fixes).\n- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).\n- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).\n- clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes).\n- clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes).\n- clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes).\n- clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes).\n- clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes).\n- clk: samsung: exynos850: fix a comment (git-fixes).\n- clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes).\n- clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes).\n- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).\n- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).\n- clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes).\n- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).\n- comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).\n- comedi: Make insn_rw_emulate_bits() do insn-\u003en samples (git-fixes).\n- comedi: fix race between polling and detaching (git-fixes).\n- comedi: pcl726: Prevent invalid irq number (git-fixes).\n- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes).\n- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes).\n- config.sh: SLFO 1.2 branched in IBS\n- config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206)\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- cpu: Define attack vectors (git-fixes).\n- cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes).\n- cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes).\n- cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes)\n- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes)\n- cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes).\n- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes).\n- cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes).\n- cpufreq: Exit governor when failed to start old governor (stable-fixes).\n- cpufreq: Init policy-\u003erwsem before it may be possibly used (git-fixes).\n- cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes).\n- cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes).\n- cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes).\n- cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes).\n- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes).\n- cpufreq: armada-8k: make both cpu masks static (git-fixes).\n- cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes).\n- cpufreq: governor: Fix negative \u0027idle_time\u0027 handling in dbs_update() (git-fixes).\n- cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes).\n- cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes).\n- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes).\n- cpufreq: mediatek: fix device leak on probe failure (git-fixes).\n- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).\n- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).\n- cpufreq: scpi: compare kHz instead of Hz (git-fixes).\n- cpufreq: sun50i: prevent out-of-bounds access (git-fixes).\n- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).\n- cpufreq: tegra186: Share policy per cluster (stable-fixes).\n- cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes).\n- crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes).\n- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).\n- crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes).\n- crypto: atmel - Fix dma_unmap_sg() direction (git-fixes).\n- crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes).\n- crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes).\n- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).\n- crypto: ccp - Fix locking on alloc failure handling (git-fixes).\n- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).\n- crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes).\n- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).\n- crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes).\n- crypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs (git-fixes).\n- crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes).\n- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).\n- crypto: jitter - fix intermediary handling (stable-fixes).\n- crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes).\n- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).\n- crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes).\n- crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes).\n- crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes).\n- crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes).\n- crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).\n- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).\n- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).\n- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).\n- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).\n- crypto: qat - fix state restore for banks with exceptions (git-fixes).\n- crypto: qat - flush misc workqueue during device shutdown (git-fixes).\n- crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).\n- crypto: qat - use unmanaged allocation for dc_data (git-fixes).\n- crypto: rng - Ensure set_ent is always present (git-fixes).\n- crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).\n- devlink: Add support for u64 parameters (jsc#PED-13331).\n- devlink: avoid param type value translations (jsc#PED-13331).\n- devlink: define enum for attr types of dynamic attributes (jsc#PED-13331).\n- devlink: introduce devlink_nl_put_u64() (jsc#PED-13331).\n- devlink: let driver opt out of automatic phys_port_name generation (git-fixes).\n- dm-mpath: do not print the \"loaded\" message if registering fails (git-fixes).\n- dm-stripe: limit chunk_sectors to the stripe size (git-fixes).\n- dm-table: fix checking for rq stackable devices (git-fixes).\n- dm: Check for forbidden splitting of zone write operations (git-fixes).\n- dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes).\n- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes).\n- dmaengine: Fix dma_async_tx_descriptor-\u003etx_submit documentation (git-fixes).\n- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).\n- dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes).\n- dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes).\n- dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes).\n- dmaengine: idxd: Fix refcount underflow on module unload (git-fixes).\n- dmaengine: idxd: Remove improper idxd_free (git-fixes).\n- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes).\n- dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes).\n- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).\n- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).\n- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes).\n- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).\n- dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes).\n- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes).\n- docs: admin-guide: update to current minimum pipe size default (git-fixes).\n- dpll: Add basic Microchip ZL3073x support (jsc#PED-13331).\n- dpll: Make ZL3073X invisible (jsc#PED-13331).\n- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331).\n- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331).\n- dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331).\n- dpll: zl3073x: Fix build failure (jsc#PED-13331).\n- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331).\n- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331).\n- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331).\n- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331).\n- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331).\n- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).\n- drivers/base/node: fix double free in register_one_node() (git-fixes).\n- drivers/base/node: handle error properly in register_one_node() (git-fixes).\n- drivers: base: handle module_kobject creation (git-fixes).\n- drm/amd : Update MES API header file for v11 \u0026 v12 (stable-fixes).\n- drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes).\n- drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes).\n- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).\n- drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes).\n- drm/amd/display: Add NULL check for stream before dereference in \u0027dm_vupdate_high_irq\u0027 (bsc#1243112).\n- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).\n- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).\n- drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).\n- drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).\n- drm/amd/display: Allow DCN301 to clear update flags (git-fixes).\n- drm/amd/display: Allow RX6xxx \u0026 RX7700 to invoke amdgpu_irq_get/put (git-fixes).\n- drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).\n- drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).\n- drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).\n- drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes).\n- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes).\n- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).\n- drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121).\n- drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes).\n- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).\n- drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes).\n- drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).\n- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).\n- drm/amd/display: Do not print errors for nonexistent connectors (git-fixes).\n- drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes).\n- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).\n- drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).\n- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).\n- drm/amd/display: Fix \u0027failed to blank crtc!\u0027 (stable-fixes).\n- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).\n- drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes).\n- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).\n- drm/amd/display: Fix mismatch type comparison (stable-fixes).\n- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).\n- drm/amd/display: Free memory allocation (stable-fixes).\n- drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes).\n- drm/amd/display: Initialize mode_select to 0 (stable-fixes).\n- drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).\n- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).\n- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).\n- drm/amd/display: Remove redundant semicolons (git-fixes).\n- drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).\n- drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes).\n- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).\n- drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes).\n- drm/amd/display: fix dmub access race condition (bsc#1243112).\n- drm/amd/display: fix initial backlight brightness calculation (git-fixes).\n- drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes).\n- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).\n- drm/amd/display: remove output_tf_change flag (git-fixes).\n- drm/amd/display: use udelay rather than fsleep (git-fixes).\n- drm/amd/include : MES v11 and v12 API header update (stable-fixes).\n- drm/amd/include : Update MES v12 API for fence update (stable-fixes).\n- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).\n- drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes).\n- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes).\n- drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes).\n- drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes).\n- drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes).\n- drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes).\n- drm/amd/pm: fix null pointer access (stable-fixes).\n- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).\n- drm/amd: Avoid evicting resources at S5 (bsc#1243112).\n- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).\n- drm/amd: Fix hybrid sleep (bsc#1243112).\n- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).\n- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).\n- drm/amd: Restore cached power limit during resume (stable-fixes).\n- drm/amdgpu/discovery: fix fw based ip discovery (git-fixes).\n- drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes).\n- drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes).\n- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).\n- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).\n- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).\n- drm/amdgpu/mes: add missing locking in helper functions (stable-fixes).\n- drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes).\n- drm/amdgpu/mes: optimize compute loop handling (stable-fixes).\n- drm/amdgpu/swm14: Update power limit logic (stable-fixes).\n- drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes).\n- drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes).\n- drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes).\n- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).\n- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).\n- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).\n- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).\n- drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes).\n- drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes).\n- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).\n- drm/amdgpu: Increase reset counter only on success (stable-fixes).\n- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).\n- drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes).\n- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).\n- drm/amdgpu: Report individual reset error (bsc#1243112).\n- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).\n- drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes).\n- drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes).\n- drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes).\n- drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes).\n- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).\n- drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes).\n- drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes).\n- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).\n- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).\n- drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).\n- drm/amdgpu: fix vram reservation issue (git-fixes).\n- drm/amdgpu: remove the redeclaration of variable i (git-fixes).\n- drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).\n- drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes).\n- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).\n- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes).\n- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).\n- drm/ast: Use msleep instead of mdelay for edid read (git-fixes).\n- drm/bridge: fix OF node leak (git-fixes).\n- drm/bridge: it6505: select REGMAP_I2C (git-fixes).\n- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).\n- drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes).\n- drm/cirrus-qemu: Fix pitch programming (git-fixes).\n- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).\n- drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121).\n- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).\n- drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121).\n- drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121).\n- drm/edid: Define the quirks in an enum list (bsc#1248121).\n- drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes).\n- drm/gem: Internally test import_attach for imported objects (git-fixes).\n- drm/gem: Test for imported GEM buffers with helper (stable-fixes).\n- drm/gma500: Fix null dereference in hdmi teardown (git-fixes).\n- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).\n- drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes).\n- drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes).\n- drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes).\n- drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes).\n- drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes).\n- drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes).\n- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).\n- drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes).\n- drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes).\n- drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes).\n- drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes).\n- drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes).\n- drm/i915/icl+/tc: Cache the max lane count value (stable-fixes).\n- drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes).\n- drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes).\n- drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes).\n- drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes).\n- drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).\n- drm/mediatek: fix potential OF node use-after-free (git-fixes).\n- drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes).\n- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).\n- drm/msm/dpu: fix incorrect type for ret (git-fixes).\n- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).\n- drm/msm: Add error handling for krealloc in metadata setup (stable-fixes).\n- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).\n- drm/msm: update the high bitfield of certain DSI registers (git-fixes).\n- drm/msm: use trylock for debugfs (stable-fixes).\n- drm/nouveau/disp: Always accept linear modifier (git-fixes).\n- drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes).\n- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).\n- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).\n- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).\n- drm/nouveau: fix typos in comments (git-fixes).\n- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).\n- drm/nouveau: remove unused memory target test (git-fixes).\n- drm/panel: novatek-nt35560: Fix invalid return value (git-fixes).\n- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).\n- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).\n- drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes).\n- drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes).\n- drm/panthor: validate group queue count (git-fixes).\n- drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes).\n- drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes).\n- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).\n- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).\n- drm/simpledrm: Do not upcast in release helpers (git-fixes).\n- drm/tests: Fix endian warning (git-fixes).\n- drm/ttm: Respect the shrinker core free target (stable-fixes).\n- drm/ttm: Should to return the evict error (stable-fixes).\n- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).\n- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).\n- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).\n- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).\n- drm/xe/bmg: Add new PCI IDs (stable-fixes).\n- drm/xe/bmg: Add one additional PCI ID (stable-fixes).\n- drm/xe/bmg: Update Wa_22019338487 (git-fixes).\n- drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes).\n- drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes).\n- drm/xe/mocs: Initialize MOCS index early (stable-fixes).\n- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).\n- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).\n- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).\n- drm/xe/tile: Release kobject for the failure path (git-fixes).\n- drm/xe/uapi: Correct sync type definition in comments (git-fixes).\n- drm/xe/uapi: loosen used tracking restriction (git-fixes).\n- drm/xe/vf: Disable CSC support on VF (git-fixes).\n- drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes).\n- drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes).\n- drm/xe/xe_sync: avoid race during ufence signaling (git-fixes).\n- drm/xe: Allow dropping kunit dependency as built-in (git-fixes).\n- drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes).\n- drm/xe: Carve out wopcm portion from the stolen memory (git-fixes).\n- drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes).\n- drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes).\n- drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes).\n- drm/xe: Fix build without debugfs (git-fixes).\n- drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes).\n- drm/xe: Move page fault init after topology init (git-fixes).\n- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes).\n- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes).\n- drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes).\n- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331).\n- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331).\n- e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes).\n- e1000e: ignore uninitialized checksum word on tgp (git-fixes).\n- efi: stmm: Fix incorrect buffer allocation method (git-fixes).\n- erofs: avoid reading more for fragment maps (git-fixes).\n- erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes).\n- execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes).\n- exfat: add cluster chain loop check for dir (git-fixes).\n- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- ext4: remove writable userspace mappings before truncating page cache (bsc#1247223).\n- fbcon: Fix OOB access in font allocation (git-fixes).\n- fbcon: Fix outdated registered_fb reference in comment (git-fixes).\n- fbcon: fix integer overflow in fbcon_do_set_font (git-fixes).\n- fbdev: Fix logic error in \"offb\" name match (git-fixes).\n- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).\n- fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).\n- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).\n- fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes).\n- fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes).\n- firewire: core: fix overlooked update of subsystem ABI version (git-fixes).\n- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).\n- firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes).\n- firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes).\n- firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes).\n- firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes).\n- firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes).\n- firmware: firmware: meson-sm: fix compile-test default (git-fixes).\n- firmware: meson_sm: fix device leak at probe (git-fixes).\n- firmware: tegra: Fix IVC dependency problems (stable-fixes).\n- flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes).\n- fs/nfs/io: make nfs_start_io_*() killable (git-fixes).\n- fs/proc/task_mmu: check p-\u003evec_buf for NULL (git-fixes).\n- fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450\n- ftrace: Fix function profiler\u0027s filtering functionality (git-fixes).\n- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).\n- gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220).\n- gfs2: Clean up delete work processing (bsc#1247220).\n- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220).\n- gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220).\n- gfs2: Minor delete_work_func cleanup (bsc#1247220).\n- gfs2: Only defer deletes when we have an iopen glock (bsc#1247220).\n- gfs2: Prevent inode creation race (2) (bsc#1247220).\n- gfs2: Prevent inode creation race (bsc#1247220).\n- gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220).\n- gfs2: Rename GIF_{DEFERRED -\u003e DEFER}_DELETE (bsc#1247220).\n- gfs2: Rename dinode_demise to evict_behavior (bsc#1247220).\n- gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220).\n- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220).\n- gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220).\n- gfs2: Update to the evict / remote delete documentation (bsc#1247220).\n- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220).\n- gfs2: gfs2_evict_inode clarification (bsc#1247220).\n- gfs2: minor evict fix (bsc#1247220).\n- gfs2: skip if we cannot defer delete (bsc#1247220).\n- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).\n- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).\n- gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).\n- gpio: virtio: Fix config space reading (git-fixes).\n- gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).\n- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).\n- gpiolib: Extend software-node support to support secondary software-nodes (git-fixes).\n- gve: Fix stuck TX queue for DQ queue format (git-fixes).\n- gve: prevent ethtool ops after shutdown (git-fixes).\n- habanalabs: fix UAF in export_dmabuf() (git-fixes).\n- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).\n- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).\n- hv_netvsc: Link queues to NAPIs (git-fixes).\n- hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).\n- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).\n- hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes).\n- hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes).\n- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes).\n- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).\n- hwrng: nomadik - add ARM_AMBA dependency (git-fixes).\n- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).\n- i2c: designware: Add disabling clocks when probe fails (git-fixes).\n- i2c: designware: Add quirk for Intel Xe (stable-fixes).\n- i2c: designware: Fix clock issue when PM is disabled (git-fixes).\n- i2c: designware: Use temporary variable for struct device (stable-fixes).\n- i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes).\n- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes).\n- i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes).\n- i2c: omap: Add support for setting mux (stable-fixes).\n- i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes).\n- i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes).\n- i2c: omap: fix deprecated of_property_read_bool() use (git-fixes).\n- i2c: qup: jump out of the loop in case of timeout (git-fixes).\n- i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes).\n- i2c: tegra: Fix reset error handling with ACPI (git-fixes).\n- i2c: tegra: Use internal reset when reset property is not available (bsc#1249143)\n- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).\n- i3c: Fix default I2C adapter timeout value (git-fixes).\n- i3c: add missing include to internal header (stable-fixes).\n- i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).\n- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).\n- i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).\n- i3c: master: svc: Recycle unused IBI slot (git-fixes).\n- i3c: master: svc: Use manual response for IBI events (git-fixes).\n- i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes).\n- i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes).\n- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes).\n- ice, irdma: fix an off by one in error handling code (bsc#1247712).\n- ice, irdma: move interrupts code to irdma (bsc#1247712).\n- ice/ptp: fix crosstimestamp reporting (git-fixes).\n- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).\n- ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762).\n- ice: check correct pointer in fwlog debugfs (git-fixes).\n- ice: count combined queues using Rx/Tx count (bsc#1247712).\n- ice: devlink PF MSI-X max and min parameter (bsc#1247712).\n- ice: do not leave device non-functional if Tx scheduler config fails (git-fixes).\n- ice: enable_rdma devlink param (bsc#1247712).\n- ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728).\n- ice: fix incorrect counter for buffer allocation failures (git-fixes).\n- ice: get rid of num_lan_msix field (bsc#1247712).\n- ice: init flow director before RDMA (bsc#1247712).\n- ice: remove splitting MSI-X between features (bsc#1247712).\n- ice: simplify VF MSI-X managing (bsc#1247712).\n- ice: treat dyn_allowed only as suggestion (bsc#1247712).\n- ice: use fixed adapter index for E825C embedded devices (git-fixes).\n- idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762).\n- idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762).\n- idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762).\n- idpf: add cross timestamping (jsc#PED-13728).\n- idpf: add flow steering support (jsc#PED-13728).\n- idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762).\n- idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762).\n- idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762).\n- idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728).\n- idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762).\n- idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762).\n- idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728).\n- idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762).\n- idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).\n- idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).\n- idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762).\n- idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762).\n- idpf: improve when to set RE bit logic (jsc#PED-13728).\n- idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762).\n- idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762).\n- idpf: preserve coalescing settings across resets (jsc#PED-13728).\n- idpf: remove obsolete stashing code (jsc#PED-13728).\n- idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762).\n- idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728).\n- idpf: set mac type when adding and removing MAC filters (jsc#PED-13728).\n- idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728).\n- idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728).\n- idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762).\n- igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes).\n- igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes).\n- igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes).\n- iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762).\n- iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762).\n- iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762).\n- iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762).\n- iio/adc/pac1934: fix channel disable configuration (git-fixes).\n- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes).\n- iio: accel: fxls8962af: Fix temperature calculation (git-fixes).\n- iio: adc: ad7173: fix setting ODR in probe (git-fixes).\n- iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes).\n- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).\n- iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes).\n- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).\n- iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).\n- iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes).\n- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).\n- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).\n- iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes).\n- iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes).\n- iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes).\n- iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes).\n- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes).\n- iio: dac: ad5360: use int type to store negative error codes (git-fixes).\n- iio: dac: ad5421: use int type to store negative error codes (git-fixes).\n- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes).\n- iio: frequency: adf4350: Fix prescaler usage (git-fixes).\n- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes).\n- iio: hid-sensor-prox: Restore lost scale assignments (git-fixes).\n- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).\n- iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes).\n- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes).\n- iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes).\n- iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes).\n- iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).\n- iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).\n- iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes).\n- iio: light: as73211: Ensure buffer holes are zeroed (git-fixes).\n- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).\n- iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes).\n- iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).\n- iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes).\n- iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes).\n- iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes).\n- integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).\n- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).\n- intel_idle: Rescan \"dead\" SMT siblings during initialization (jsc#PED-13815).\n- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).\n- interconnect: qcom: sc8180x: specify num_nodes (git-fixes).\n- interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes).\n- io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting.\n- io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542).\n- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).\n- iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes).\n- iommu/amd: Fix alias device DTE setting (git-fixes).\n- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).\n- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).\n- iommu/arm-smmu-v3: Fix smmu_domain-\u003enr_ats_masters decrement (git-fixes).\n- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).\n- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).\n- iommu/vt-d: Fix __domain_mapping()\u0027s usage of switch_to_super_page() (git-fixes).\n- iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes).\n- iommu/vt-d: Fix possible circular locking dependency (git-fixes).\n- iommu/vt-d: Fix system hang on reboot -f (git-fixes).\n- iommu/vt-d: PRS isn\u0027t usable if PDS isn\u0027t supported (git-fixes).\n- iommu: Handle race with default domain setup (git-fixes).\n- iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).\n- ipmi: Fix strcpy source and destination the same (stable-fixes).\n- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).\n- ipv6: annotate data-races around rt-\u003efib6_nsiblings (git-fixes).\n- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).\n- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).\n- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).\n- ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes).\n- irdma: free iwdev-\u003erf after removing MSI-X (bsc#1247712).\n- isolcpus: add missing hunk back (bsc#1236897 bsc#1249206).\n- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).\n- ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410).\n- ixgbe: prevent from unwanted interface name changes (git-fixes).\n- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes).\n- kABI fix after Add TDX support for vSphere (jsc#PED-13302).\n- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).\n- kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).\n- kABI fix after KVM: x86: Convert vcpu_run()\u0027s immediate exit param into a generic bitmap (git-fixes).\n- kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes).\n- kABI workaround for \"drm/dp: Add an EDID quirk for the DPCD register access probe\" (bsc#1248121).\n- kABI workaround for amd_sfh (git-fixes).\n- kABI workaround for drm_gem.h (git-fixes).\n- kABI workaround for struct mtk_base_afe changes (git-fixes).\n- kABI: Fix the module::name type in audit_context (git-fixes).\n- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).\n- kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes).\n- kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes).\n- kABI: netfilter: supress warnings for nft_set_ops (git-fixes).\n- kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes).\n- kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally\n- kabi/severities: ignore two unused/dropped symbols from MEI\n- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).\n- kabi: Restore layout of parallel_data (bsc1248343).\n- kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963).\n- kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes).\n- kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655).\n- kbuild: rust: add rustc-min-version support function (git-fixes)\n- kernel-binary: Another installation ordering fix (bsc#1241353).\n- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)\n- kernel: globalize lookup_or_create_module_kobject() (stable-fixes).\n- kernel: param: rename locate_module_kobject (stable-fixes).\n- leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes).\n- leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes).\n- leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).\n- leds: leds-lp55xx: Use correct address for memory programming (git-fixes).\n- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).\n- libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes).\n- libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762).\n- livepatch: Add stack_order sysfs attribute (poo#187320).\n- loop: use kiocb helpers to fix lockdep warning (git-fixes).\n- lpfc: do not use file-\u003ef_path.dentry for comparisons (bsc#1250519).\n- mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes).\n- mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).\n- mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes).\n- mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes).\n- mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes).\n- mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes).\n- mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes).\n- mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes).\n- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).\n- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).\n- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).\n- maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes).\n- maple_tree: fix status setup on restore to active (git-fixes).\n- maple_tree: fix testing for 32 bit builds (git-fixes).\n- mctp: no longer rely on net-\u003edev_index_head (git-fixes).\n- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).\n- md: allow removing faulty rdev during resync (git-fixes).\n- md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes).\n- md: make rdev_addable usable for rcu mode (git-fixes).\n- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes).\n- media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes).\n- media: cx18: Add missing check after DMA map (git-fixes).\n- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).\n- media: dvb-frontends: w7090p: fix null-ptr-deref in\n w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).\n- media: gspca: Add bounds checking to firmware parser (git-fixes).\n- media: hi556: Fix reset GPIO timings (stable-fixes).\n- media: hi556: correct the test pattern configuration (git-fixes).\n- media: i2c: mt9v111: fix incorrect type for ret (git-fixes).\n- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).\n- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).\n- media: ipu-bridge: Add _HID for OV5670 (stable-fixes).\n- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).\n- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).\n- media: lirc: Fix error handling in lirc_register() (git-fixes).\n- media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes).\n- media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes).\n- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).\n- media: pci: ivtv: Add missing check after DMA map (git-fixes).\n- media: pci: mg4b: fix uninitialized iio scan data (git-fixes).\n- media: pisp_be: Fix pm_runtime underrun in probe (git-fixes).\n- media: qcom: camss: cleanup media device allocated resource on error path (git-fixes).\n- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).\n- media: rc: fix races with imon_disconnect() (git-fixes).\n- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes).\n- media: s5p-mfc: remove an unused/uninitialized variable (git-fixes).\n- media: st-delta: avoid excessive stack usage (git-fixes).\n- media: tc358743: Check I2C succeeded during probe (stable-fixes).\n- media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).\n- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).\n- media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes).\n- media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes).\n- media: ti: j721e-csi2rx: fix list_del corruption (git-fixes).\n- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).\n- media: usb: hdpvr: disable zero-length read messages (stable-fixes).\n- media: usbtv: Lock resolution while streaming (git-fixes).\n- media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes).\n- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).\n- media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).\n- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes).\n- media: uvcvideo: Rollback non processed entities on error (git-fixes).\n- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).\n- media: v4l2-ctrls: Do not reset handler\u0027s error in v4l2_ctrl_handler_free() (git-fixes).\n- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).\n- media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes).\n- media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes).\n- media: venus: Add a check for packet size after reading from shared memory (git-fixes).\n- media: venus: Fix MSM8998 frequency table (git-fixes).\n- media: venus: Fix OOB read due to missing payload bound check (git-fixes).\n- media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes).\n- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).\n- media: venus: protect against spurious interrupts during probe (git-fixes).\n- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).\n- media: vivid: fix wrong pixel_array control size (git-fixes).\n- media: zoran: Remove zoran_fh structure (git-fixes).\n- mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).\n- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).\n- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).\n- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).\n- mei: vsc: Event notifier fixes (git-fixes).\n- mei: vsc: Fix \"BUG: Invalid wait context\" lockdep error (git-fixes).\n- mei: vsc: Run event callback from a workqueue (git-fixes).\n- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8186 (git-fixes).\n- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes).\n- memstick: Fix deadlock by moving removing flag earlier (git-fixes).\n- mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes).\n- mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes).\n- mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes).\n- mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes).\n- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes).\n- microchip: lan865x: Fix LAN8651 autoloading (git-fixes).\n- microchip: lan865x: Fix module autoloading (git-fixes).\n- microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes).\n- microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes).\n- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).\n- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).\n- misc: fastrpc: Skip reference for DMA handles (git-fixes).\n- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).\n- misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes).\n- misc: pci_endpoint_test: Fix \u0027irq_type\u0027 to convey the correct type (git-fixes).\n- misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes).\n- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).\n- mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes).\n- mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes).\n- mm/damon/core: set quota-\u003echarged_from to jiffies at first charge window (git-fixes).\n- mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes).\n- mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes).\n- mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes).\n- mm/damon/sysfs: fix use-after-free in state_show() (git-fixes).\n- mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087).\n- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)\n- mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes).\n- mm: close theoretical race where stale TLB entries could linger (git-fixes).\n- mm: fault in complete folios instead of individual pages for tmpfs (git-fixes).\n- mm: fix the inaccurate memory statistics issue for users (bsc#1244723).\n- mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes).\n- mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes).\n- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630).\n- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630).\n- mm: move page table sync declarations to linux/pgtable.h (git-fixes).\n- mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes).\n- mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes).\n- mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes).\n- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).\n- mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes).\n- mmc: sdhci-msm: Ensure SD card power isn\u0027t ON when card removed (stable-fixes).\n- mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes).\n- mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes).\n- mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes).\n- mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes).\n- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).\n- mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes).\n- module: Fix memory deallocation on error path in move_module() (git-fixes).\n- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).\n- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).\n- module: Restore the moduleparam prefix length check (git-fixes).\n- most: core: Drop device reference after usage in get_channel() (git-fixes).\n- mptcp: fix spurious wake-up on under memory pressure (git-fixes).\n- mtd: fix possible integer overflow in erase_xfer() (git-fixes).\n- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes).\n- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).\n- mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes).\n- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).\n- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: omap2: fix device leak on probe failure (git-fixes).\n- mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes).\n- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes).\n- mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes).\n- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).\n- mtd: spi-nor: spansion: Fixup params-\u003eset_4byte_addr_mode for SEMPER (git-fixes).\n- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).\n- mwl8k: Add missing check after DMA map (git-fixes).\n- neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes).\n- net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes).\n- net/mlx5: CT: Use the correct counter offset (git-fixes).\n- net/mlx5: Check device memory pointer before usage (git-fixes).\n- net/mlx5: Correctly set gso_segs when LRO is used (git-fixes).\n- net/mlx5: Correctly set gso_size when LRO is used (git-fixes).\n- net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes).\n- net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes).\n- net/mlx5: Fix memory leak in cmd_exec() (git-fixes).\n- net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes).\n- net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes).\n- net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes).\n- net/mlx5: Nack sync reset when SFs are present (git-fixes).\n- net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes).\n- net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes).\n- net/mlx5e: Add new prio for promiscuous mode (git-fixes).\n- net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes).\n- net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes).\n- net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes).\n- net/mlx5e: Set local Xoff after FW update (git-fixes).\n- net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes).\n- net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes).\n- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).\n- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).\n- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).\n- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).\n- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes).\n- net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes).\n- net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes).\n- net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes).\n- net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes).\n- net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes).\n- net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes).\n- net: ieee8021q: fix insufficient table-size assertion (stable-fixes).\n- net: llc: reset skb-\u003etransport_header (git-fixes).\n- net: mana: Add handler for hardware servicing events (bsc#1245730).\n- net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726).\n- net: mana: Add support for net_shaper_ops (bsc#1245726).\n- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).\n- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).\n- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).\n- net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes).\n- net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726).\n- net: mana: Handle Reset Request from MANA NIC (bsc#1245728).\n- net: mana: Handle unsupported HWC commands (bsc#1245726).\n- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- net: mana: explain irq_setup() algorithm (bsc#1245457).\n- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).\n- net: mctp: handle skb cleanup on sock_queue failures (git-fixes).\n- net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes).\n- net: nfc: nci: Add parameter validation for packet data (git-fixes).\n- net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes).\n- net: phy: bcm54811: PHY initialization (stable-fixes).\n- net: phy: fix phy_uses_state_machine() (git-fixes).\n- net: phy: micrel: Add ksz9131_resume() (stable-fixes).\n- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).\n- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).\n- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes).\n- net: rose: convert \u0027use\u0027 field to refcount_t (git-fixes).\n- net: rose: fix a typo in rose_clear_routes() (git-fixes).\n- net: rose: include node references in rose_neigh refcount (git-fixes).\n- net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes).\n- net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).\n- net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).\n- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes).\n- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).\n- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).\n- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).\n- net: usb: cdc-ncm: check for filtering capability (git-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes).\n- net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes).\n- net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes).\n- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).\n- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).\n- netfilter: ctnetlink: fix refcount leak on table dump (git-fixes).\n- netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes).\n- netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes).\n- netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes).\n- netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes).\n- netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes).\n- netfilter: nf_tables: adjust lockdep assertions handling (git-fixes).\n- netfilter: nf_tables: fix set size with rbtree backend (git-fixes).\n- netfilter: nf_tables: imbalance in flowtable binding (git-fixes).\n- netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes).\n- netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).\n- netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes).\n- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes).\n- netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes).\n- netfilter: nft_tunnel: fix geneve_opt dump (git-fixes).\n- netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes).\n- netlink: fix policy dump for int with validation callback (jsc#PED-13331).\n- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331).\n- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).\n- nfs/localio: add direct IO enablement with sync and async IO support (git-fixes).\n- nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes).\n- nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes).\n- nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes).\n- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).\n- nouveau: fix disabling the nonstall irq due to storm code (git-fixes).\n- nvme-auth: update bi_directional flag (git-fixes).\n- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).\n- nvme-pci: try function level reset on init failure (git-fixes).\n- nvme-tcp: log TLS handshake failures at error level (git-fixes).\n- nvme-tcp: send only permitted commands for secure concat (git-fixes).\n- nvme: fix PI insert on write (git-fixes).\n- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).\n- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).\n- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).\n- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).\n- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).\n- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).\n- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).\n- nvmet: exit debugfs after discovery subsystem exits (git-fixes).\n- nvmet: initialize discovery subsys after debugfs is initialized (git-fixes).\n- nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes).\n- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes).\n- objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes).\n- objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes).\n- of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes).\n- of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes).\n- of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes).\n- of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes).\n- of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes).\n- of: unittest: Unlock on error in unittest_data_add() (git-fixes).\n- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).\n- pNFS: Fix disk addr range check in block/scsi layout (git-fixes).\n- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).\n- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).\n- pNFS: Handle RPC size limit for layoutcommits (git-fixes).\n- percpu: fix race on alloc failed warning limit (git-fixes).\n- perf bpf-event: Fix use-after-free in synthesis (git-fixes).\n- perf bpf-utils: Constify bpil_array_desc (git-fixes).\n- perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes).\n- perf dso: Add missed dso__put to dso__load_kcore (git-fixes).\n- perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes).\n- perf parse-events: Set default GH modifier properly (git-fixes).\n- perf record: Cache build-ID of hit DSOs only (git-fixes).\n- perf sched: Fix memory leaks for evsel-\u003epriv in timehist (git-fixes).\n- perf sched: Fix memory leaks in \u0027perf sched latency\u0027 (git-fixes).\n- perf sched: Fix memory leaks in \u0027perf sched map\u0027 (git-fixes).\n- perf sched: Fix thread leaks in \u0027perf sched timehist\u0027 (git-fixes).\n- perf sched: Free thread-\u003epriv using priv_destructor (git-fixes).\n- perf sched: Make sure it frees the usage string (git-fixes).\n- perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes).\n- perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes).\n- perf test: Fix a build error in x86 topdown test (git-fixes).\n- perf tests bp_account: Fix leaked file descriptor (git-fixes).\n- perf tools: Remove libtraceevent in .gitignore (git-fixes).\n- perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes).\n- perf trace: Remove --map-dump documentation (git-fixes).\n- phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes).\n- phy: mscc: Fix parsing of unicast frames (git-fixes).\n- phy: mscc: Fix timestamping for vsc8584 (git-fixes).\n- phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes).\n- phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes).\n- phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes).\n- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).\n- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes).\n- phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy-\u003erate in case of errors (git-fixes).\n- phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes).\n- phy: tegra: xusb: fix device and OF node leak at probe (git-fixes).\n- phy: ti-pipe3: fix device leak at unbind (git-fixes).\n- phy: ti: omap-usb2: fix device leak at unbind (git-fixes).\n- pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113).\n- pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562).\n- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).\n- pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes).\n- pinctrl: equilibrium: Remove redundant semicolons (git-fixes).\n- pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes).\n- pinctrl: renesas: Use int type to store negative error codes (git-fixes).\n- pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes).\n- pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes).\n- pinctrl: stm32: Manage irq affinity settings (stable-fixes).\n- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).\n- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).\n- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).\n- platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes).\n- platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).\n- platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes).\n- platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes).\n- platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes).\n- platform/x86/amd/hsmp: Ensure sock-\u003emetric_tbl_addr is non-NULL (git-fixes).\n- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).\n- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).\n- platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes).\n- platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes).\n- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).\n- platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes).\n- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes).\n- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).\n- platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes).\n- platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes).\n- platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes).\n- platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes).\n- platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes).\n- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).\n- platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes).\n- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).\n- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).\n- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes).\n- power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes).\n- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).\n- power: supply: cw2015: Fix a alignment coding style issue (git-fixes).\n- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).\n- power: supply: max77976_charger: fix constant current reporting (git-fixes).\n- power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).\n- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).\n- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).\n- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).\n- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes).\n- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes).\n- powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).\n- powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).\n- powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes).\n- powerpc: do not build ppc_save_regs.o always (bsc#1215199).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- pptp: fix pptp_xmit() error path (git-fixes).\n- printk: nbcon: Allow reacquire during panic (bsc#1246688).\n- psample: adjust size if rate_as_probability is set (git-fixes).\n- ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes).\n- pwm: berlin: Fix wrong register in suspend/resume (git-fixes).\n- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).\n- pwm: mediatek: Fix duty and period setting (git-fixes).\n- pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).\n- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).\n- pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes).\n- pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes).\n- pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes).\n- pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes).\n- r8169: add support for RTL8125D (stable-fixes).\n- r8169: disable RTL8126 ZRX-DC timeout (stable-fixes).\n- r8169: do not scan PHY addresses \u003e 0 (stable-fixes).\n- rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes)\n- regmap: Remove superfluous check for !config in __regmap_init() (git-fixes).\n- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).\n- regulator: scmi: Use int type to store negative error codes (git-fixes).\n- regulator: sy7636a: fix lifecycle of power good gpio (git-fixes).\n- reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).\n- reset: eyeq: fix OF node leak (git-fixes).\n- resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762).\n- resource: fix false warning in __request_region() (git-fixes).\n- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).\n- ring-buffer: Make reading page consistent with the code logic (git-fixes).\n- rpm/config.sh: SLFO 1.2 is now synced to OBS as well\n- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).\n- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).\n- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: optee: fix memory leak on driver removal (git-fixes).\n- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).\n- s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837).\n- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868).\n- s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477).\n- s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061).\n- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes).\n- s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes).\n- s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372).\n- s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838).\n- s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066).\n- s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366).\n- s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478).\n- s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes).\n- s390/sclp: Fix SCCB present check (git-fixes bsc#1249065).\n- s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062).\n- s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064).\n- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).\n- samples: mei: Fix building on musl libc (git-fixes).\n- sched/deadline: Always stop dl-server before changing parameters (bsc#1247936).\n- sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936).\n- sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936).\n- sched/deadline: Fix dl_server_stopped() (bsc#1247936).\n- sched/deadline: Initialize dl_servers after SMP (git-fixes)\n- sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes)\n- scsi: Revert \"scsi: iscsi: Fix HW conn removal use after free\" (git-fixes).\n- scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).\n- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).\n- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).\n- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).\n- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).\n- scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519).\n- scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519).\n- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).\n- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).\n- scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519).\n- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).\n- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).\n- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).\n- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).\n- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).\n- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).\n- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).\n- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).\n- scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519).\n- scsi: lpfc: use min() to improve code (bsc#1250519).\n- scsi: mpi3mr: Event processing debug improvement (bsc#1251186).\n- scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186).\n- scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186).\n- scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186).\n- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).\n- scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186).\n- scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).\n- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).\n- scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186).\n- scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186).\n- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).\n- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes).\n- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes).\n- scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes).\n- scsi: qla2xxx: Remove firmware URL (git-fixes).\n- scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes).\n- scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes).\n- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).\n- scsi: smartpqi: Enhance WWID logging logic (bsc#1246631).\n- scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631).\n- scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631).\n- scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes).\n- scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes).\n- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes).\n- scsi: ufs: core: Add missing post notify for power mode change (git-fixes).\n- scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes).\n- scsi: ufs: core: Always initialize the UIC done completion (git-fixes).\n- scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes).\n- scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes).\n- scsi: ufs: core: Fix error return with query response (git-fixes).\n- scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes).\n- scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes).\n- scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes).\n- scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes).\n- scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes).\n- scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes).\n- scsi: ufs: core: Remove redundant query_complete trace (git-fixes).\n- scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes).\n- scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes).\n- scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes).\n- scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes).\n- scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes).\n- scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes).\n- scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes).\n- scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes).\n- scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes).\n- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes).\n- scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes).\n- scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes).\n- scsi: ufs: exynos: Remove empty drv_init method (git-fixes).\n- scsi: ufs: exynos: Remove superfluous function parameter (git-fixes).\n- scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes).\n- scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes).\n- scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes).\n- scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes).\n- scsi: ufs: qcom: Fix crypto key eviction (git-fixes).\n- scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes).\n- scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes).\n- scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes).\n- seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671).\n- selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320).\n- selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344).\n- selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320).\n- selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320).\n- selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320).\n- selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320).\n- selftests/tracing: Fix false failure of subsystem event test (git-fixes).\n- selftests: ALSA: fix memory leak in utimer test (git-fixes).\n- selftests: livepatch: add new ftrace helpers functions (poo#187320).\n- selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320).\n- selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320).\n- selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320).\n- selftests: livepatch: save and restore kprobe state (poo#187320).\n- selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320).\n- selftests: livepatch: test livepatching a kprobed function (poo#187320).\n- selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443).\n- selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes).\n- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes).\n- serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688).\n- serial: 8250: fix panic due to PSLVERR (git-fixes).\n- serial: max310x: Add error checking in probe() (git-fixes).\n- serial: sc16is7xx: fix bug in flow control levels init (git-fixes).\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).\n- smb: client: fix netns refcount leak after net_passive changes (git-fixes).\n- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).\n- soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).\n- soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes).\n- soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes).\n- soc: qcom: QMI encoding/decoding for big endian (git-fixes).\n- soc: qcom: fix endianness for QMI header (git-fixes).\n- soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes).\n- soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes).\n- soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes).\n- soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes).\n- soc: qcom: pmic_glink: fix OF node leak (git-fixes).\n- soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes).\n- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes).\n- soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes).\n- soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes).\n- soundwire: amd: fix for handling slave alerts after link is down (git-fixes).\n- soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).\n- soundwire: stream: restore params when prepare ports fail (git-fixes).\n- spi: bcm2835: Remove redundant semicolons (git-fixes).\n- spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes).\n- spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes).\n- spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes).\n- spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes).\n- spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979).\n- spi: fix return code when spi device has too many chipselects (git-fixes).\n- spi: mtk-snfi: Remove redundant semicolons (git-fixes).\n- spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes).\n- spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes).\n- spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes).\n- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes).\n- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes).\n- spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes).\n- sprintf.h requires stdarg.h (git-fixes).\n- sprintf.h: mask additional include (git-fixes).\n- squashfs: fix memory leak in squashfs_fill_super (git-fixes).\n- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).\n- staging: axis-fifo: fix maximum TX packet length check (git-fixes).\n- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).\n- staging: axis-fifo: remove sysfs interface (git-fixes).\n- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).\n- staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes).\n- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).\n- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).\n- struct cdc_ncm_ctx: move new member to end (git-fixes).\n- sunrpc: fix client side handling of tls alerts (git-fixes).\n- sunrpc: fix handling of server side tls alerts (git-fixes).\n- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).\n- sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).\n- supported.conf: Mark ZL3073X modules supported\n- supported.conf: mark hyperv_drm as external\n- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes).\n- thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes).\n- thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes).\n- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).\n- thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes).\n- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).\n- thunderbolt: Compare HMAC values in constant time (git-fixes).\n- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).\n- tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes).\n- tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes).\n- tools/power turbostat: Fix build with musl (stable-fixes).\n- tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes).\n- tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes).\n- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).\n- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).\n- trace/fgraph: Fix error handling (git-fixes).\n- trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes).\n- tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631).\n- tracing/kprobe: Make trace_kprobe\u0027s module callback called after jump_label update (git-fixes).\n- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).\n- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).\n- tracing: Fix filter string testing (git-fixes).\n- tracing: Fix using ret variable in tracing_set_tracer() (git-fixes).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- tracing: Switch trace.c code over to use guard() (git-fixes).\n- tracing: Switch trace_events_hist.c code over to use guard() (git-fixes).\n- tracing: fprobe events: Fix possible UAF on modules (git-fixes).\n- tracing: tprobe-events: Fix leakage of module refcount (git-fixes).\n- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062).\n- tty: n_gsm: Do not block input queue by waiting MSC (git-fixes).\n- tty: serial: fix print format specifiers (stable-fixes).\n- ublk: sanity check add_dev input for underflow (git-fixes).\n- ublk: use vmalloc for ublk_device\u0027s __queues (git-fixes).\n- ucount: fix atomic_long_inc_below() argument type (git-fixes).\n- uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes).\n- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).\n- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes).\n- usb: core: Add 0x prefix to quirks debug output (stable-fixes).\n- usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).\n- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).\n- usb: core: usb_submit_urb: downgrade type check (stable-fixes).\n- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).\n- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).\n- usb: dwc3: imx8mp: fix device leak at unbind (git-fixes).\n- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).\n- usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).\n- usb: dwc3: qcom: Do not leave BCR asserted (git-fixes).\n- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).\n- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).\n- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).\n- usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes).\n- usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes).\n- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).\n- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes).\n- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).\n- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).\n- usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes).\n- usb: musb: omap2430: fix device leak at unbind (git-fixes).\n- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).\n- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).\n- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).\n- usb: storage: realtek_cr: Use correct byte order for bcs-\u003eResidue (git-fixes).\n- usb: typec: fusb302: cache PD RX state (git-fixes).\n- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn\u0027t present (stable-fixes).\n- usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes).\n- usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes).\n- usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes).\n- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).\n- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).\n- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).\n- usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes).\n- usb: typec: tipd: Clear interrupts first (git-fixes).\n- usb: typec: ucsi: Update power_supply on power role change (git-fixes).\n- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).\n- usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes).\n- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).\n- usb: xhci: Avoid showing errors during surprise removal (stable-fixes).\n- usb: xhci: Avoid showing warnings for dying controller (stable-fixes).\n- usb: xhci: Fix slot_id resource race conflict (git-fixes).\n- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).\n- usb: xhci: print xhci-\u003exhc_state when queue_command failed (stable-fixes).\n- use uniform permission checks for all mount propagation changes (git-fixes).\n- vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes).\n- vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes).\n- vhost-scsi: Fix log flooding with target does not exist errors (git-fixes).\n- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes).\n- vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes).\n- vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes).\n- vhost: Reintroduce kthread API and add mode selection (git-fixes).\n- vhost: fail early when __vhost_add_used() fails (git-fixes).\n- virtchnl2: add flow steering support (jsc#PED-13728).\n- virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728).\n- virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762).\n- virtio_net: Enforce minimum TX ring size for reliability (git-fixes).\n- virtio_ring: Fix error reporting in virtqueue_resize (git-fixes).\n- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).\n- vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes).\n- vsock/virtio: Validate length in packet header before skb_put() (git-fixes).\n- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).\n- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).\n- watchdog: dw_wdt: Fix default timeout (stable-fixes).\n- watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).\n- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes).\n- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).\n- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).\n- wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes).\n- wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes).\n- wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes).\n- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).\n- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath11k: fix group data packet drops during rekey (git-fixes).\n- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).\n- wifi: ath11k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).\n- wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952).\n- wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).\n- wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).\n- wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).\n- wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).\n- wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes).\n- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).\n- wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes).\n- wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes).\n- wifi: ath12k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath12k: fix the fetching of combined rssi (git-fixes).\n- wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).\n- wifi: ath12k: fix wrong logging ID used for CE (git-fixes).\n- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).\n- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes).\n- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).\n- wifi: cfg80211: Fix interface type validation (stable-fixes).\n- wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes).\n- wifi: cfg80211: reject HTC bit for management frames (stable-fixes).\n- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes).\n- wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes).\n- wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).\n- wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084).\n- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).\n- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).\n- wifi: iwlwifi: Remove redundant header files (git-fixes).\n- wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084).\n- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).\n- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).\n- wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes).\n- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).\n- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).\n- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).\n- wifi: iwlwifi: uefi: check DSM item validity (git-fixes).\n- wifi: libertas: cap SSID len in lbs_associate() (git-fixes).\n- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).\n- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).\n- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).\n- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).\n- wifi: mac80211: avoid weird state in error path (stable-fixes).\n- wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).\n- wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes).\n- wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes).\n- wifi: mac80211: fix incorrect type for ret (stable-fixes).\n- wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).\n- wifi: mac80211: increase scan_ies_len for S1G (stable-fixes).\n- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).\n- wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).\n- wifi: mt76: fix linked list corruption (git-fixes).\n- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes).\n- wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes).\n- wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes).\n- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).\n- wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes).\n- wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes).\n- wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes).\n- wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes).\n- wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes).\n- wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes).\n- wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes).\n- wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes).\n- wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes).\n- wifi: mwifiex: send world regulatory domain to driver (git-fixes).\n- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).\n- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).\n- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).\n- wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes).\n- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes).\n- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).\n- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).\n- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).\n- wifi: rtw88: Fix macid assigned to TDLS station (git-fixes).\n- wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).\n- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).\n- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).\n- wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes).\n- wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes).\n- wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes).\n- wifi: virt_wifi: Fix page fault on connect (stable-fixes).\n- wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes).\n- writeback: Avoid contention on wb-\u003elist_lock when switching inodes (bsc#1237776).\n- writeback: Avoid contention on wb-\u003elist_lock when switching inodes (kABI fixup) (bsc#1237776).\n- writeback: Avoid excessively long inode switching times (bsc#1237776).\n- writeback: Avoid softlockup when switching many inodes (bsc#1237776).\n- x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704).\n- x86/Kconfig: Add arch attack vector support (git-fixes).\n- x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes).\n- x86/boot: Sanitize boot params before parsing command line (git-fixes).\n- x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes).\n- x86/bugs: Add attack vector controls for BHI (git-fixes).\n- x86/bugs: Add attack vector controls for GDS (git-fixes).\n- x86/bugs: Add attack vector controls for ITS (git-fixes).\n- x86/bugs: Add attack vector controls for L1TF (git-fixes).\n- x86/bugs: Add attack vector controls for MDS (git-fixes).\n- x86/bugs: Add attack vector controls for MMIO (git-fixes).\n- x86/bugs: Add attack vector controls for RFDS (git-fixes).\n- x86/bugs: Add attack vector controls for SRBDS (git-fixes).\n- x86/bugs: Add attack vector controls for SRSO (git-fixes).\n- x86/bugs: Add attack vector controls for SSB (git-fixes).\n- x86/bugs: Add attack vector controls for TAA (git-fixes).\n- x86/bugs: Add attack vector controls for TSA (git-fixes).\n- x86/bugs: Add attack vector controls for retbleed (git-fixes).\n- x86/bugs: Add attack vector controls for spectre_v1 (git-fixes).\n- x86/bugs: Add attack vector controls for spectre_v2 (git-fixes).\n- x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes).\n- x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes).\n- x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes).\n- x86/bugs: Avoid warning when overriding return thunk (git-fixes).\n- x86/bugs: Clean up SRSO microcode handling (git-fixes).\n- x86/bugs: Define attack vectors relevant for each bug (git-fixes).\n- x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes).\n- x86/bugs: Introduce cdt_possible() (git-fixes).\n- x86/bugs: Print enabled attack vectors (git-fixes).\n- x86/bugs: Remove its=stuff dependency on retbleed (git-fixes).\n- x86/bugs: Select best SRSO mitigation (git-fixes).\n- x86/bugs: Simplify the retbleed=stuff checks (git-fixes).\n- x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes).\n- x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes).\n- x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes).\n- x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes).\n- x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes).\n- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).\n- x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes).\n- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes).\n- x86/fpu: Delay instruction pointer fixup until after warning (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes).\n- x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes).\n- x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes).\n- x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes).\n- x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes).\n- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).\n- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).\n- x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes).\n- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).\n- x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes).\n- x86/microcode: Consolidate the loader enablement checking (git-fixes).\n- x86/microcode: Update the Intel processor flag scan check (git-fixes).\n- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes).\n- x86/mm/pat: do not collapse pages without PSE set (git-fixes).\n- x86/nmi: Add an emergency handler in nmi_desc \u0026 use it in nmi_shootdown_cpus() (git-fixes).\n- x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC \u0026lt; 14.2 (git-fixes).\n- x86/pkeys: Simplify PKRU update in signal frame (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/pti: Add attack vector controls for PTI (git-fixes).\n- x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes).\n- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).\n- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).\n- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).\n- x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes).\n- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).\n- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).\n- xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes).\n- xen/netfront: Fix TX response spurious interrupts (git-fixes).\n- xen: fix UAF in dmabuf_exp_from_pages() (git-fixes).\n- xfrm: replay: Fix the update of replay_esn-\u003eoseq_hi for GSO (git-fixes).\n- xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes).\n- xfs: do not propagate ENODATA disk errors into xattr code (git-fixes).\n- xfs: fix scrub trace with null pointer in quotacheck (git-fixes).\n- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).\n- xfs: remove unused event xfs_alloc_near_error (git-fixes).\n- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).\n- xfs: remove unused event xfs_attr_node_removename (git-fixes).\n- xfs: remove unused event xfs_ioctl_clone (git-fixes).\n- xfs: remove unused event xfs_pagecache_inval (git-fixes).\n- xfs: remove unused event xlog_iclog_want_sync (git-fixes).\n- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).\n- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).\n- xfs: remove unused trace event xfs_discard_rtrelax (git-fixes).\n- xfs: remove unused trace event xfs_log_cil_return (git-fixes).\n- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).\n- xfs: remove unused xfs_attr events (git-fixes).\n- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).\n- xfs: remove usused xfs_end_io_direct events (git-fixes).\n- xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes).\n- xhci: dbc: decouple endpoint allocation from initialization (git-fixes).\n- xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes).\n- xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes).\n- zram: permit only one post-processing operation at a time (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-HA-16.0-50",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21179-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21179-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521179-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21179-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023499.html"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1218644",
"url": "https://bugzilla.suse.com/1218644"
},
{
"category": "self",
"summary": "SUSE Bug 1230062",
"url": "https://bugzilla.suse.com/1230062"
},
{
"category": "self",
"summary": "SUSE Bug 1234634",
"url": "https://bugzilla.suse.com/1234634"
},
{
"category": "self",
"summary": "SUSE Bug 1234693",
"url": "https://bugzilla.suse.com/1234693"
},
{
"category": "self",
"summary": "SUSE Bug 1234863",
"url": "https://bugzilla.suse.com/1234863"
},
{
"category": "self",
"summary": "SUSE Bug 1235953",
"url": "https://bugzilla.suse.com/1235953"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1237108",
"url": "https://bugzilla.suse.com/1237108"
},
{
"category": "self",
"summary": "SUSE Bug 1237131",
"url": "https://bugzilla.suse.com/1237131"
},
{
"category": "self",
"summary": "SUSE Bug 1237542",
"url": "https://bugzilla.suse.com/1237542"
},
{
"category": "self",
"summary": "SUSE Bug 1237776",
"url": "https://bugzilla.suse.com/1237776"
},
{
"category": "self",
"summary": "SUSE Bug 1238972",
"url": "https://bugzilla.suse.com/1238972"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1240324",
"url": "https://bugzilla.suse.com/1240324"
},
{
"category": "self",
"summary": "SUSE Bug 1240696",
"url": "https://bugzilla.suse.com/1240696"
},
{
"category": "self",
"summary": "SUSE Bug 1240966",
"url": "https://bugzilla.suse.com/1240966"
},
{
"category": "self",
"summary": "SUSE Bug 1240998",
"url": "https://bugzilla.suse.com/1240998"
},
{
"category": "self",
"summary": "SUSE Bug 1241166",
"url": "https://bugzilla.suse.com/1241166"
},
{
"category": "self",
"summary": "SUSE Bug 1241353",
"url": "https://bugzilla.suse.com/1241353"
},
{
"category": "self",
"summary": "SUSE Bug 1241403",
"url": "https://bugzilla.suse.com/1241403"
},
{
"category": "self",
"summary": "SUSE Bug 1241435",
"url": "https://bugzilla.suse.com/1241435"
},
{
"category": "self",
"summary": "SUSE Bug 1242034",
"url": "https://bugzilla.suse.com/1242034"
},
{
"category": "self",
"summary": "SUSE Bug 1242086",
"url": "https://bugzilla.suse.com/1242086"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242782",
"url": "https://bugzilla.suse.com/1242782"
},
{
"category": "self",
"summary": "SUSE Bug 1242864",
"url": "https://bugzilla.suse.com/1242864"
},
{
"category": "self",
"summary": "SUSE Bug 1242965",
"url": "https://bugzilla.suse.com/1242965"
},
{
"category": "self",
"summary": "SUSE Bug 1242995",
"url": "https://bugzilla.suse.com/1242995"
},
{
"category": "self",
"summary": "SUSE Bug 1243000",
"url": "https://bugzilla.suse.com/1243000"
},
{
"category": "self",
"summary": "SUSE Bug 1243055",
"url": "https://bugzilla.suse.com/1243055"
},
{
"category": "self",
"summary": "SUSE Bug 1243068",
"url": "https://bugzilla.suse.com/1243068"
},
{
"category": "self",
"summary": "SUSE Bug 1243100",
"url": "https://bugzilla.suse.com/1243100"
},
{
"category": "self",
"summary": "SUSE Bug 1243112",
"url": "https://bugzilla.suse.com/1243112"
},
{
"category": "self",
"summary": "SUSE Bug 1243774",
"url": "https://bugzilla.suse.com/1243774"
},
{
"category": "self",
"summary": "SUSE Bug 1244309",
"url": "https://bugzilla.suse.com/1244309"
},
{
"category": "self",
"summary": "SUSE Bug 1244723",
"url": "https://bugzilla.suse.com/1244723"
},
{
"category": "self",
"summary": "SUSE Bug 1244734",
"url": "https://bugzilla.suse.com/1244734"
},
{
"category": "self",
"summary": "SUSE Bug 1244749",
"url": "https://bugzilla.suse.com/1244749"
},
{
"category": "self",
"summary": "SUSE Bug 1244792",
"url": "https://bugzilla.suse.com/1244792"
},
{
"category": "self",
"summary": "SUSE Bug 1244812",
"url": "https://bugzilla.suse.com/1244812"
},
{
"category": "self",
"summary": "SUSE Bug 1244930",
"url": "https://bugzilla.suse.com/1244930"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1245000",
"url": "https://bugzilla.suse.com/1245000"
},
{
"category": "self",
"summary": "SUSE Bug 1245151",
"url": "https://bugzilla.suse.com/1245151"
},
{
"category": "self",
"summary": "SUSE Bug 1245193",
"url": "https://bugzilla.suse.com/1245193"
},
{
"category": "self",
"summary": "SUSE Bug 1245206",
"url": "https://bugzilla.suse.com/1245206"
},
{
"category": "self",
"summary": "SUSE Bug 1245216",
"url": "https://bugzilla.suse.com/1245216"
},
{
"category": "self",
"summary": "SUSE Bug 1245260",
"url": "https://bugzilla.suse.com/1245260"
},
{
"category": "self",
"summary": "SUSE Bug 1245410",
"url": "https://bugzilla.suse.com/1245410"
},
{
"category": "self",
"summary": "SUSE Bug 1245457",
"url": "https://bugzilla.suse.com/1245457"
},
{
"category": "self",
"summary": "SUSE Bug 1245504",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "self",
"summary": "SUSE Bug 1245506",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "self",
"summary": "SUSE Bug 1245508",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "self",
"summary": "SUSE Bug 1245510",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "self",
"summary": "SUSE Bug 1245596",
"url": "https://bugzilla.suse.com/1245596"
},
{
"category": "self",
"summary": "SUSE Bug 1245621",
"url": "https://bugzilla.suse.com/1245621"
},
{
"category": "self",
"summary": "SUSE Bug 1245630",
"url": "https://bugzilla.suse.com/1245630"
},
{
"category": "self",
"summary": "SUSE Bug 1245654",
"url": "https://bugzilla.suse.com/1245654"
},
{
"category": "self",
"summary": "SUSE Bug 1245657",
"url": "https://bugzilla.suse.com/1245657"
},
{
"category": "self",
"summary": "SUSE Bug 1245658",
"url": "https://bugzilla.suse.com/1245658"
},
{
"category": "self",
"summary": "SUSE Bug 1245659",
"url": "https://bugzilla.suse.com/1245659"
},
{
"category": "self",
"summary": "SUSE Bug 1245663",
"url": "https://bugzilla.suse.com/1245663"
},
{
"category": "self",
"summary": "SUSE Bug 1245664",
"url": "https://bugzilla.suse.com/1245664"
},
{
"category": "self",
"summary": "SUSE Bug 1245665",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "self",
"summary": "SUSE Bug 1245666",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "self",
"summary": "SUSE Bug 1245668",
"url": "https://bugzilla.suse.com/1245668"
},
{
"category": "self",
"summary": "SUSE Bug 1245669",
"url": "https://bugzilla.suse.com/1245669"
},
{
"category": "self",
"summary": "SUSE Bug 1245670",
"url": "https://bugzilla.suse.com/1245670"
},
{
"category": "self",
"summary": "SUSE Bug 1245671",
"url": "https://bugzilla.suse.com/1245671"
},
{
"category": "self",
"summary": "SUSE Bug 1245675",
"url": "https://bugzilla.suse.com/1245675"
},
{
"category": "self",
"summary": "SUSE Bug 1245676",
"url": "https://bugzilla.suse.com/1245676"
},
{
"category": "self",
"summary": "SUSE Bug 1245678",
"url": "https://bugzilla.suse.com/1245678"
},
{
"category": "self",
"summary": "SUSE Bug 1245683",
"url": "https://bugzilla.suse.com/1245683"
},
{
"category": "self",
"summary": "SUSE Bug 1245684",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "self",
"summary": "SUSE Bug 1245686",
"url": "https://bugzilla.suse.com/1245686"
},
{
"category": "self",
"summary": "SUSE Bug 1245688",
"url": "https://bugzilla.suse.com/1245688"
},
{
"category": "self",
"summary": "SUSE Bug 1245690",
"url": "https://bugzilla.suse.com/1245690"
},
{
"category": "self",
"summary": "SUSE Bug 1245691",
"url": "https://bugzilla.suse.com/1245691"
},
{
"category": "self",
"summary": "SUSE Bug 1245695",
"url": "https://bugzilla.suse.com/1245695"
},
{
"category": "self",
"summary": "SUSE Bug 1245700",
"url": "https://bugzilla.suse.com/1245700"
},
{
"category": "self",
"summary": "SUSE Bug 1245703",
"url": "https://bugzilla.suse.com/1245703"
},
{
"category": "self",
"summary": "SUSE Bug 1245705",
"url": "https://bugzilla.suse.com/1245705"
},
{
"category": "self",
"summary": "SUSE Bug 1245710",
"url": "https://bugzilla.suse.com/1245710"
},
{
"category": "self",
"summary": "SUSE Bug 1245711",
"url": "https://bugzilla.suse.com/1245711"
},
{
"category": "self",
"summary": "SUSE Bug 1245713",
"url": "https://bugzilla.suse.com/1245713"
},
{
"category": "self",
"summary": "SUSE Bug 1245714",
"url": "https://bugzilla.suse.com/1245714"
},
{
"category": "self",
"summary": "SUSE Bug 1245715",
"url": "https://bugzilla.suse.com/1245715"
},
{
"category": "self",
"summary": "SUSE Bug 1245717",
"url": "https://bugzilla.suse.com/1245717"
},
{
"category": "self",
"summary": "SUSE Bug 1245719",
"url": "https://bugzilla.suse.com/1245719"
},
{
"category": "self",
"summary": "SUSE Bug 1245721",
"url": "https://bugzilla.suse.com/1245721"
},
{
"category": "self",
"summary": "SUSE Bug 1245723",
"url": "https://bugzilla.suse.com/1245723"
},
{
"category": "self",
"summary": "SUSE Bug 1245726",
"url": "https://bugzilla.suse.com/1245726"
},
{
"category": "self",
"summary": "SUSE Bug 1245728",
"url": "https://bugzilla.suse.com/1245728"
},
{
"category": "self",
"summary": "SUSE Bug 1245729",
"url": "https://bugzilla.suse.com/1245729"
},
{
"category": "self",
"summary": "SUSE Bug 1245730",
"url": "https://bugzilla.suse.com/1245730"
},
{
"category": "self",
"summary": "SUSE Bug 1245731",
"url": "https://bugzilla.suse.com/1245731"
},
{
"category": "self",
"summary": "SUSE Bug 1245735",
"url": "https://bugzilla.suse.com/1245735"
},
{
"category": "self",
"summary": "SUSE Bug 1245737",
"url": "https://bugzilla.suse.com/1245737"
},
{
"category": "self",
"summary": "SUSE Bug 1245744",
"url": "https://bugzilla.suse.com/1245744"
},
{
"category": "self",
"summary": "SUSE Bug 1245745",
"url": "https://bugzilla.suse.com/1245745"
},
{
"category": "self",
"summary": "SUSE Bug 1245746",
"url": "https://bugzilla.suse.com/1245746"
},
{
"category": "self",
"summary": "SUSE Bug 1245747",
"url": "https://bugzilla.suse.com/1245747"
},
{
"category": "self",
"summary": "SUSE Bug 1245748",
"url": "https://bugzilla.suse.com/1245748"
},
{
"category": "self",
"summary": "SUSE Bug 1245749",
"url": "https://bugzilla.suse.com/1245749"
},
{
"category": "self",
"summary": "SUSE Bug 1245751",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "self",
"summary": "SUSE Bug 1245757",
"url": "https://bugzilla.suse.com/1245757"
},
{
"category": "self",
"summary": "SUSE Bug 1245763",
"url": "https://bugzilla.suse.com/1245763"
},
{
"category": "self",
"summary": "SUSE Bug 1245765",
"url": "https://bugzilla.suse.com/1245765"
},
{
"category": "self",
"summary": "SUSE Bug 1245767",
"url": "https://bugzilla.suse.com/1245767"
},
{
"category": "self",
"summary": "SUSE Bug 1245769",
"url": "https://bugzilla.suse.com/1245769"
},
{
"category": "self",
"summary": "SUSE Bug 1245777",
"url": "https://bugzilla.suse.com/1245777"
},
{
"category": "self",
"summary": "SUSE Bug 1245780",
"url": "https://bugzilla.suse.com/1245780"
},
{
"category": "self",
"summary": "SUSE Bug 1245781",
"url": "https://bugzilla.suse.com/1245781"
},
{
"category": "self",
"summary": "SUSE Bug 1245784",
"url": "https://bugzilla.suse.com/1245784"
},
{
"category": "self",
"summary": "SUSE Bug 1245785",
"url": "https://bugzilla.suse.com/1245785"
},
{
"category": "self",
"summary": "SUSE Bug 1245787",
"url": "https://bugzilla.suse.com/1245787"
},
{
"category": "self",
"summary": "SUSE Bug 1245812",
"url": "https://bugzilla.suse.com/1245812"
},
{
"category": "self",
"summary": "SUSE Bug 1245814",
"url": "https://bugzilla.suse.com/1245814"
},
{
"category": "self",
"summary": "SUSE Bug 1245815",
"url": "https://bugzilla.suse.com/1245815"
},
{
"category": "self",
"summary": "SUSE Bug 1245937",
"url": "https://bugzilla.suse.com/1245937"
},
{
"category": "self",
"summary": "SUSE Bug 1245945",
"url": "https://bugzilla.suse.com/1245945"
},
{
"category": "self",
"summary": "SUSE Bug 1245952",
"url": "https://bugzilla.suse.com/1245952"
},
{
"category": "self",
"summary": "SUSE Bug 1245955",
"url": "https://bugzilla.suse.com/1245955"
},
{
"category": "self",
"summary": "SUSE Bug 1245956",
"url": "https://bugzilla.suse.com/1245956"
},
{
"category": "self",
"summary": "SUSE Bug 1245963",
"url": "https://bugzilla.suse.com/1245963"
},
{
"category": "self",
"summary": "SUSE Bug 1245966",
"url": "https://bugzilla.suse.com/1245966"
},
{
"category": "self",
"summary": "SUSE Bug 1245970",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "self",
"summary": "SUSE Bug 1245973",
"url": "https://bugzilla.suse.com/1245973"
},
{
"category": "self",
"summary": "SUSE Bug 1245976",
"url": "https://bugzilla.suse.com/1245976"
},
{
"category": "self",
"summary": "SUSE Bug 1245977",
"url": "https://bugzilla.suse.com/1245977"
},
{
"category": "self",
"summary": "SUSE Bug 1245986",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "self",
"summary": "SUSE Bug 1246000",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "self",
"summary": "SUSE Bug 1246002",
"url": "https://bugzilla.suse.com/1246002"
},
{
"category": "self",
"summary": "SUSE Bug 1246005",
"url": "https://bugzilla.suse.com/1246005"
},
{
"category": "self",
"summary": "SUSE Bug 1246008",
"url": "https://bugzilla.suse.com/1246008"
},
{
"category": "self",
"summary": "SUSE Bug 1246012",
"url": "https://bugzilla.suse.com/1246012"
},
{
"category": "self",
"summary": "SUSE Bug 1246022",
"url": "https://bugzilla.suse.com/1246022"
},
{
"category": "self",
"summary": "SUSE Bug 1246023",
"url": "https://bugzilla.suse.com/1246023"
},
{
"category": "self",
"summary": "SUSE Bug 1246031",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "self",
"summary": "SUSE Bug 1246034",
"url": "https://bugzilla.suse.com/1246034"
},
{
"category": "self",
"summary": "SUSE Bug 1246037",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "self",
"summary": "SUSE Bug 1246041",
"url": "https://bugzilla.suse.com/1246041"
},
{
"category": "self",
"summary": "SUSE Bug 1246042",
"url": "https://bugzilla.suse.com/1246042"
},
{
"category": "self",
"summary": "SUSE Bug 1246047",
"url": "https://bugzilla.suse.com/1246047"
},
{
"category": "self",
"summary": "SUSE Bug 1246049",
"url": "https://bugzilla.suse.com/1246049"
},
{
"category": "self",
"summary": "SUSE Bug 1246050",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "self",
"summary": "SUSE Bug 1246053",
"url": "https://bugzilla.suse.com/1246053"
},
{
"category": "self",
"summary": "SUSE Bug 1246054",
"url": "https://bugzilla.suse.com/1246054"
},
{
"category": "self",
"summary": "SUSE Bug 1246055",
"url": "https://bugzilla.suse.com/1246055"
},
{
"category": "self",
"summary": "SUSE Bug 1246057",
"url": "https://bugzilla.suse.com/1246057"
},
{
"category": "self",
"summary": "SUSE Bug 1246098",
"url": "https://bugzilla.suse.com/1246098"
},
{
"category": "self",
"summary": "SUSE Bug 1246109",
"url": "https://bugzilla.suse.com/1246109"
},
{
"category": "self",
"summary": "SUSE Bug 1246125",
"url": "https://bugzilla.suse.com/1246125"
},
{
"category": "self",
"summary": "SUSE Bug 1246166",
"url": "https://bugzilla.suse.com/1246166"
},
{
"category": "self",
"summary": "SUSE Bug 1246171",
"url": "https://bugzilla.suse.com/1246171"
},
{
"category": "self",
"summary": "SUSE Bug 1246176",
"url": "https://bugzilla.suse.com/1246176"
},
{
"category": "self",
"summary": "SUSE Bug 1246181",
"url": "https://bugzilla.suse.com/1246181"
},
{
"category": "self",
"summary": "SUSE Bug 1246183",
"url": "https://bugzilla.suse.com/1246183"
},
{
"category": "self",
"summary": "SUSE Bug 1246185",
"url": "https://bugzilla.suse.com/1246185"
},
{
"category": "self",
"summary": "SUSE Bug 1246186",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "self",
"summary": "SUSE Bug 1246188",
"url": "https://bugzilla.suse.com/1246188"
},
{
"category": "self",
"summary": "SUSE Bug 1246190",
"url": "https://bugzilla.suse.com/1246190"
},
{
"category": "self",
"summary": "SUSE Bug 1246192",
"url": "https://bugzilla.suse.com/1246192"
},
{
"category": "self",
"summary": "SUSE Bug 1246193",
"url": "https://bugzilla.suse.com/1246193"
},
{
"category": "self",
"summary": "SUSE Bug 1246195",
"url": "https://bugzilla.suse.com/1246195"
},
{
"category": "self",
"summary": "SUSE Bug 1246220",
"url": "https://bugzilla.suse.com/1246220"
},
{
"category": "self",
"summary": "SUSE Bug 1246234",
"url": "https://bugzilla.suse.com/1246234"
},
{
"category": "self",
"summary": "SUSE Bug 1246236",
"url": "https://bugzilla.suse.com/1246236"
},
{
"category": "self",
"summary": "SUSE Bug 1246240",
"url": "https://bugzilla.suse.com/1246240"
},
{
"category": "self",
"summary": "SUSE Bug 1246243",
"url": "https://bugzilla.suse.com/1246243"
},
{
"category": "self",
"summary": "SUSE Bug 1246244",
"url": "https://bugzilla.suse.com/1246244"
},
{
"category": "self",
"summary": "SUSE Bug 1246245",
"url": "https://bugzilla.suse.com/1246245"
},
{
"category": "self",
"summary": "SUSE Bug 1246246",
"url": "https://bugzilla.suse.com/1246246"
},
{
"category": "self",
"summary": "SUSE Bug 1246248",
"url": "https://bugzilla.suse.com/1246248"
},
{
"category": "self",
"summary": "SUSE Bug 1246250",
"url": "https://bugzilla.suse.com/1246250"
},
{
"category": "self",
"summary": "SUSE Bug 1246252",
"url": "https://bugzilla.suse.com/1246252"
},
{
"category": "self",
"summary": "SUSE Bug 1246253",
"url": "https://bugzilla.suse.com/1246253"
},
{
"category": "self",
"summary": "SUSE Bug 1246255",
"url": "https://bugzilla.suse.com/1246255"
},
{
"category": "self",
"summary": "SUSE Bug 1246258",
"url": "https://bugzilla.suse.com/1246258"
},
{
"category": "self",
"summary": "SUSE Bug 1246259",
"url": "https://bugzilla.suse.com/1246259"
},
{
"category": "self",
"summary": "SUSE Bug 1246260",
"url": "https://bugzilla.suse.com/1246260"
},
{
"category": "self",
"summary": "SUSE Bug 1246262",
"url": "https://bugzilla.suse.com/1246262"
},
{
"category": "self",
"summary": "SUSE Bug 1246266",
"url": "https://bugzilla.suse.com/1246266"
},
{
"category": "self",
"summary": "SUSE Bug 1246268",
"url": "https://bugzilla.suse.com/1246268"
},
{
"category": "self",
"summary": "SUSE Bug 1246283",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "self",
"summary": "SUSE Bug 1246285",
"url": "https://bugzilla.suse.com/1246285"
},
{
"category": "self",
"summary": "SUSE Bug 1246286",
"url": "https://bugzilla.suse.com/1246286"
},
{
"category": "self",
"summary": "SUSE Bug 1246287",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "self",
"summary": "SUSE Bug 1246290",
"url": "https://bugzilla.suse.com/1246290"
},
{
"category": "self",
"summary": "SUSE Bug 1246292",
"url": "https://bugzilla.suse.com/1246292"
},
{
"category": "self",
"summary": "SUSE Bug 1246293",
"url": "https://bugzilla.suse.com/1246293"
},
{
"category": "self",
"summary": "SUSE Bug 1246295",
"url": "https://bugzilla.suse.com/1246295"
},
{
"category": "self",
"summary": "SUSE Bug 1246297",
"url": "https://bugzilla.suse.com/1246297"
},
{
"category": "self",
"summary": "SUSE Bug 1246333",
"url": "https://bugzilla.suse.com/1246333"
},
{
"category": "self",
"summary": "SUSE Bug 1246334",
"url": "https://bugzilla.suse.com/1246334"
},
{
"category": "self",
"summary": "SUSE Bug 1246337",
"url": "https://bugzilla.suse.com/1246337"
},
{
"category": "self",
"summary": "SUSE Bug 1246342",
"url": "https://bugzilla.suse.com/1246342"
},
{
"category": "self",
"summary": "SUSE Bug 1246349",
"url": "https://bugzilla.suse.com/1246349"
},
{
"category": "self",
"summary": "SUSE Bug 1246351",
"url": "https://bugzilla.suse.com/1246351"
},
{
"category": "self",
"summary": "SUSE Bug 1246353",
"url": "https://bugzilla.suse.com/1246353"
},
{
"category": "self",
"summary": "SUSE Bug 1246354",
"url": "https://bugzilla.suse.com/1246354"
},
{
"category": "self",
"summary": "SUSE Bug 1246358",
"url": "https://bugzilla.suse.com/1246358"
},
{
"category": "self",
"summary": "SUSE Bug 1246364",
"url": "https://bugzilla.suse.com/1246364"
},
{
"category": "self",
"summary": "SUSE Bug 1246366",
"url": "https://bugzilla.suse.com/1246366"
},
{
"category": "self",
"summary": "SUSE Bug 1246370",
"url": "https://bugzilla.suse.com/1246370"
},
{
"category": "self",
"summary": "SUSE Bug 1246375",
"url": "https://bugzilla.suse.com/1246375"
},
{
"category": "self",
"summary": "SUSE Bug 1246376",
"url": "https://bugzilla.suse.com/1246376"
},
{
"category": "self",
"summary": "SUSE Bug 1246385",
"url": "https://bugzilla.suse.com/1246385"
},
{
"category": "self",
"summary": "SUSE Bug 1246386",
"url": "https://bugzilla.suse.com/1246386"
},
{
"category": "self",
"summary": "SUSE Bug 1246387",
"url": "https://bugzilla.suse.com/1246387"
},
{
"category": "self",
"summary": "SUSE Bug 1246438",
"url": "https://bugzilla.suse.com/1246438"
},
{
"category": "self",
"summary": "SUSE Bug 1246443",
"url": "https://bugzilla.suse.com/1246443"
},
{
"category": "self",
"summary": "SUSE Bug 1246444",
"url": "https://bugzilla.suse.com/1246444"
},
{
"category": "self",
"summary": "SUSE Bug 1246447",
"url": "https://bugzilla.suse.com/1246447"
},
{
"category": "self",
"summary": "SUSE Bug 1246450",
"url": "https://bugzilla.suse.com/1246450"
},
{
"category": "self",
"summary": "SUSE Bug 1246453",
"url": "https://bugzilla.suse.com/1246453"
},
{
"category": "self",
"summary": "SUSE Bug 1246473",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "self",
"summary": "SUSE Bug 1246490",
"url": "https://bugzilla.suse.com/1246490"
},
{
"category": "self",
"summary": "SUSE Bug 1246509",
"url": "https://bugzilla.suse.com/1246509"
},
{
"category": "self",
"summary": "SUSE Bug 1246547",
"url": "https://bugzilla.suse.com/1246547"
},
{
"category": "self",
"summary": "SUSE Bug 1246631",
"url": "https://bugzilla.suse.com/1246631"
},
{
"category": "self",
"summary": "SUSE Bug 1246651",
"url": "https://bugzilla.suse.com/1246651"
},
{
"category": "self",
"summary": "SUSE Bug 1246688",
"url": "https://bugzilla.suse.com/1246688"
},
{
"category": "self",
"summary": "SUSE Bug 1246777",
"url": "https://bugzilla.suse.com/1246777"
},
{
"category": "self",
"summary": "SUSE Bug 1246781",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "self",
"summary": "SUSE Bug 1246782",
"url": "https://bugzilla.suse.com/1246782"
},
{
"category": "self",
"summary": "SUSE Bug 1246868",
"url": "https://bugzilla.suse.com/1246868"
},
{
"category": "self",
"summary": "SUSE Bug 1246896",
"url": "https://bugzilla.suse.com/1246896"
},
{
"category": "self",
"summary": "SUSE Bug 1246911",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "self",
"summary": "SUSE Bug 1246979",
"url": "https://bugzilla.suse.com/1246979"
},
{
"category": "self",
"summary": "SUSE Bug 1247018",
"url": "https://bugzilla.suse.com/1247018"
},
{
"category": "self",
"summary": "SUSE Bug 1247020",
"url": "https://bugzilla.suse.com/1247020"
},
{
"category": "self",
"summary": "SUSE Bug 1247022",
"url": "https://bugzilla.suse.com/1247022"
},
{
"category": "self",
"summary": "SUSE Bug 1247023",
"url": "https://bugzilla.suse.com/1247023"
},
{
"category": "self",
"summary": "SUSE Bug 1247024",
"url": "https://bugzilla.suse.com/1247024"
},
{
"category": "self",
"summary": "SUSE Bug 1247027",
"url": "https://bugzilla.suse.com/1247027"
},
{
"category": "self",
"summary": "SUSE Bug 1247028",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "self",
"summary": "SUSE Bug 1247031",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "self",
"summary": "SUSE Bug 1247033",
"url": "https://bugzilla.suse.com/1247033"
},
{
"category": "self",
"summary": "SUSE Bug 1247035",
"url": "https://bugzilla.suse.com/1247035"
},
{
"category": "self",
"summary": "SUSE Bug 1247061",
"url": "https://bugzilla.suse.com/1247061"
},
{
"category": "self",
"summary": "SUSE Bug 1247062",
"url": "https://bugzilla.suse.com/1247062"
},
{
"category": "self",
"summary": "SUSE Bug 1247064",
"url": "https://bugzilla.suse.com/1247064"
},
{
"category": "self",
"summary": "SUSE Bug 1247076",
"url": "https://bugzilla.suse.com/1247076"
},
{
"category": "self",
"summary": "SUSE Bug 1247078",
"url": "https://bugzilla.suse.com/1247078"
},
{
"category": "self",
"summary": "SUSE Bug 1247079",
"url": "https://bugzilla.suse.com/1247079"
},
{
"category": "self",
"summary": "SUSE Bug 1247088",
"url": "https://bugzilla.suse.com/1247088"
},
{
"category": "self",
"summary": "SUSE Bug 1247089",
"url": "https://bugzilla.suse.com/1247089"
},
{
"category": "self",
"summary": "SUSE Bug 1247091",
"url": "https://bugzilla.suse.com/1247091"
},
{
"category": "self",
"summary": "SUSE Bug 1247097",
"url": "https://bugzilla.suse.com/1247097"
},
{
"category": "self",
"summary": "SUSE Bug 1247098",
"url": "https://bugzilla.suse.com/1247098"
},
{
"category": "self",
"summary": "SUSE Bug 1247099",
"url": "https://bugzilla.suse.com/1247099"
},
{
"category": "self",
"summary": "SUSE Bug 1247101",
"url": "https://bugzilla.suse.com/1247101"
},
{
"category": "self",
"summary": "SUSE Bug 1247102",
"url": "https://bugzilla.suse.com/1247102"
},
{
"category": "self",
"summary": "SUSE Bug 1247103",
"url": "https://bugzilla.suse.com/1247103"
},
{
"category": "self",
"summary": "SUSE Bug 1247104",
"url": "https://bugzilla.suse.com/1247104"
},
{
"category": "self",
"summary": "SUSE Bug 1247112",
"url": "https://bugzilla.suse.com/1247112"
},
{
"category": "self",
"summary": "SUSE Bug 1247113",
"url": "https://bugzilla.suse.com/1247113"
},
{
"category": "self",
"summary": "SUSE Bug 1247116",
"url": "https://bugzilla.suse.com/1247116"
},
{
"category": "self",
"summary": "SUSE Bug 1247118",
"url": "https://bugzilla.suse.com/1247118"
},
{
"category": "self",
"summary": "SUSE Bug 1247119",
"url": "https://bugzilla.suse.com/1247119"
},
{
"category": "self",
"summary": "SUSE Bug 1247123",
"url": "https://bugzilla.suse.com/1247123"
},
{
"category": "self",
"summary": "SUSE Bug 1247125",
"url": "https://bugzilla.suse.com/1247125"
},
{
"category": "self",
"summary": "SUSE Bug 1247126",
"url": "https://bugzilla.suse.com/1247126"
},
{
"category": "self",
"summary": "SUSE Bug 1247128",
"url": "https://bugzilla.suse.com/1247128"
},
{
"category": "self",
"summary": "SUSE Bug 1247130",
"url": "https://bugzilla.suse.com/1247130"
},
{
"category": "self",
"summary": "SUSE Bug 1247131",
"url": "https://bugzilla.suse.com/1247131"
},
{
"category": "self",
"summary": "SUSE Bug 1247132",
"url": "https://bugzilla.suse.com/1247132"
},
{
"category": "self",
"summary": "SUSE Bug 1247136",
"url": "https://bugzilla.suse.com/1247136"
},
{
"category": "self",
"summary": "SUSE Bug 1247137",
"url": "https://bugzilla.suse.com/1247137"
},
{
"category": "self",
"summary": "SUSE Bug 1247138",
"url": "https://bugzilla.suse.com/1247138"
},
{
"category": "self",
"summary": "SUSE Bug 1247141",
"url": "https://bugzilla.suse.com/1247141"
},
{
"category": "self",
"summary": "SUSE Bug 1247143",
"url": "https://bugzilla.suse.com/1247143"
},
{
"category": "self",
"summary": "SUSE Bug 1247145",
"url": "https://bugzilla.suse.com/1247145"
},
{
"category": "self",
"summary": "SUSE Bug 1247146",
"url": "https://bugzilla.suse.com/1247146"
},
{
"category": "self",
"summary": "SUSE Bug 1247147",
"url": "https://bugzilla.suse.com/1247147"
},
{
"category": "self",
"summary": "SUSE Bug 1247149",
"url": "https://bugzilla.suse.com/1247149"
},
{
"category": "self",
"summary": "SUSE Bug 1247150",
"url": "https://bugzilla.suse.com/1247150"
},
{
"category": "self",
"summary": "SUSE Bug 1247151",
"url": "https://bugzilla.suse.com/1247151"
},
{
"category": "self",
"summary": "SUSE Bug 1247152",
"url": "https://bugzilla.suse.com/1247152"
},
{
"category": "self",
"summary": "SUSE Bug 1247153",
"url": "https://bugzilla.suse.com/1247153"
},
{
"category": "self",
"summary": "SUSE Bug 1247154",
"url": "https://bugzilla.suse.com/1247154"
},
{
"category": "self",
"summary": "SUSE Bug 1247155",
"url": "https://bugzilla.suse.com/1247155"
},
{
"category": "self",
"summary": "SUSE Bug 1247156",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "self",
"summary": "SUSE Bug 1247157",
"url": "https://bugzilla.suse.com/1247157"
},
{
"category": "self",
"summary": "SUSE Bug 1247160",
"url": "https://bugzilla.suse.com/1247160"
},
{
"category": "self",
"summary": "SUSE Bug 1247162",
"url": "https://bugzilla.suse.com/1247162"
},
{
"category": "self",
"summary": "SUSE Bug 1247163",
"url": "https://bugzilla.suse.com/1247163"
},
{
"category": "self",
"summary": "SUSE Bug 1247164",
"url": "https://bugzilla.suse.com/1247164"
},
{
"category": "self",
"summary": "SUSE Bug 1247167",
"url": "https://bugzilla.suse.com/1247167"
},
{
"category": "self",
"summary": "SUSE Bug 1247169",
"url": "https://bugzilla.suse.com/1247169"
},
{
"category": "self",
"summary": "SUSE Bug 1247170",
"url": "https://bugzilla.suse.com/1247170"
},
{
"category": "self",
"summary": "SUSE Bug 1247171",
"url": "https://bugzilla.suse.com/1247171"
},
{
"category": "self",
"summary": "SUSE Bug 1247174",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "self",
"summary": "SUSE Bug 1247176",
"url": "https://bugzilla.suse.com/1247176"
},
{
"category": "self",
"summary": "SUSE Bug 1247177",
"url": "https://bugzilla.suse.com/1247177"
},
{
"category": "self",
"summary": "SUSE Bug 1247178",
"url": "https://bugzilla.suse.com/1247178"
},
{
"category": "self",
"summary": "SUSE Bug 1247181",
"url": "https://bugzilla.suse.com/1247181"
},
{
"category": "self",
"summary": "SUSE Bug 1247209",
"url": "https://bugzilla.suse.com/1247209"
},
{
"category": "self",
"summary": "SUSE Bug 1247210",
"url": "https://bugzilla.suse.com/1247210"
},
{
"category": "self",
"summary": "SUSE Bug 1247220",
"url": "https://bugzilla.suse.com/1247220"
},
{
"category": "self",
"summary": "SUSE Bug 1247223",
"url": "https://bugzilla.suse.com/1247223"
},
{
"category": "self",
"summary": "SUSE Bug 1247227",
"url": "https://bugzilla.suse.com/1247227"
},
{
"category": "self",
"summary": "SUSE Bug 1247229",
"url": "https://bugzilla.suse.com/1247229"
},
{
"category": "self",
"summary": "SUSE Bug 1247231",
"url": "https://bugzilla.suse.com/1247231"
},
{
"category": "self",
"summary": "SUSE Bug 1247233",
"url": "https://bugzilla.suse.com/1247233"
},
{
"category": "self",
"summary": "SUSE Bug 1247234",
"url": "https://bugzilla.suse.com/1247234"
},
{
"category": "self",
"summary": "SUSE Bug 1247235",
"url": "https://bugzilla.suse.com/1247235"
},
{
"category": "self",
"summary": "SUSE Bug 1247236",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "self",
"summary": "SUSE Bug 1247238",
"url": "https://bugzilla.suse.com/1247238"
},
{
"category": "self",
"summary": "SUSE Bug 1247239",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "self",
"summary": "SUSE Bug 1247241",
"url": "https://bugzilla.suse.com/1247241"
},
{
"category": "self",
"summary": "SUSE Bug 1247243",
"url": "https://bugzilla.suse.com/1247243"
},
{
"category": "self",
"summary": "SUSE Bug 1247250",
"url": "https://bugzilla.suse.com/1247250"
},
{
"category": "self",
"summary": "SUSE Bug 1247251",
"url": "https://bugzilla.suse.com/1247251"
},
{
"category": "self",
"summary": "SUSE Bug 1247252",
"url": "https://bugzilla.suse.com/1247252"
},
{
"category": "self",
"summary": "SUSE Bug 1247253",
"url": "https://bugzilla.suse.com/1247253"
},
{
"category": "self",
"summary": "SUSE Bug 1247255",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "self",
"summary": "SUSE Bug 1247262",
"url": "https://bugzilla.suse.com/1247262"
},
{
"category": "self",
"summary": "SUSE Bug 1247265",
"url": "https://bugzilla.suse.com/1247265"
},
{
"category": "self",
"summary": "SUSE Bug 1247270",
"url": "https://bugzilla.suse.com/1247270"
},
{
"category": "self",
"summary": "SUSE Bug 1247271",
"url": "https://bugzilla.suse.com/1247271"
},
{
"category": "self",
"summary": "SUSE Bug 1247273",
"url": "https://bugzilla.suse.com/1247273"
},
{
"category": "self",
"summary": "SUSE Bug 1247274",
"url": "https://bugzilla.suse.com/1247274"
},
{
"category": "self",
"summary": "SUSE Bug 1247276",
"url": "https://bugzilla.suse.com/1247276"
},
{
"category": "self",
"summary": "SUSE Bug 1247277",
"url": "https://bugzilla.suse.com/1247277"
},
{
"category": "self",
"summary": "SUSE Bug 1247278",
"url": "https://bugzilla.suse.com/1247278"
},
{
"category": "self",
"summary": "SUSE Bug 1247279",
"url": "https://bugzilla.suse.com/1247279"
},
{
"category": "self",
"summary": "SUSE Bug 1247280",
"url": "https://bugzilla.suse.com/1247280"
},
{
"category": "self",
"summary": "SUSE Bug 1247282",
"url": "https://bugzilla.suse.com/1247282"
},
{
"category": "self",
"summary": "SUSE Bug 1247283",
"url": "https://bugzilla.suse.com/1247283"
},
{
"category": "self",
"summary": "SUSE Bug 1247284",
"url": "https://bugzilla.suse.com/1247284"
},
{
"category": "self",
"summary": "SUSE Bug 1247285",
"url": "https://bugzilla.suse.com/1247285"
},
{
"category": "self",
"summary": "SUSE Bug 1247288",
"url": "https://bugzilla.suse.com/1247288"
},
{
"category": "self",
"summary": "SUSE Bug 1247289",
"url": "https://bugzilla.suse.com/1247289"
},
{
"category": "self",
"summary": "SUSE Bug 1247290",
"url": "https://bugzilla.suse.com/1247290"
},
{
"category": "self",
"summary": "SUSE Bug 1247293",
"url": "https://bugzilla.suse.com/1247293"
},
{
"category": "self",
"summary": "SUSE Bug 1247308",
"url": "https://bugzilla.suse.com/1247308"
},
{
"category": "self",
"summary": "SUSE Bug 1247311",
"url": "https://bugzilla.suse.com/1247311"
},
{
"category": "self",
"summary": "SUSE Bug 1247313",
"url": "https://bugzilla.suse.com/1247313"
},
{
"category": "self",
"summary": "SUSE Bug 1247314",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "self",
"summary": "SUSE Bug 1247317",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "self",
"summary": "SUSE Bug 1247325",
"url": "https://bugzilla.suse.com/1247325"
},
{
"category": "self",
"summary": "SUSE Bug 1247347",
"url": "https://bugzilla.suse.com/1247347"
},
{
"category": "self",
"summary": "SUSE Bug 1247348",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "self",
"summary": "SUSE Bug 1247349",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "self",
"summary": "SUSE Bug 1247366",
"url": "https://bugzilla.suse.com/1247366"
},
{
"category": "self",
"summary": "SUSE Bug 1247372",
"url": "https://bugzilla.suse.com/1247372"
},
{
"category": "self",
"summary": "SUSE Bug 1247376",
"url": "https://bugzilla.suse.com/1247376"
},
{
"category": "self",
"summary": "SUSE Bug 1247426",
"url": "https://bugzilla.suse.com/1247426"
},
{
"category": "self",
"summary": "SUSE Bug 1247437",
"url": "https://bugzilla.suse.com/1247437"
},
{
"category": "self",
"summary": "SUSE Bug 1247442",
"url": "https://bugzilla.suse.com/1247442"
},
{
"category": "self",
"summary": "SUSE Bug 1247483",
"url": "https://bugzilla.suse.com/1247483"
},
{
"category": "self",
"summary": "SUSE Bug 1247500",
"url": "https://bugzilla.suse.com/1247500"
},
{
"category": "self",
"summary": "SUSE Bug 1247712",
"url": "https://bugzilla.suse.com/1247712"
},
{
"category": "self",
"summary": "SUSE Bug 1247837",
"url": "https://bugzilla.suse.com/1247837"
},
{
"category": "self",
"summary": "SUSE Bug 1247838",
"url": "https://bugzilla.suse.com/1247838"
},
{
"category": "self",
"summary": "SUSE Bug 1247935",
"url": "https://bugzilla.suse.com/1247935"
},
{
"category": "self",
"summary": "SUSE Bug 1247936",
"url": "https://bugzilla.suse.com/1247936"
},
{
"category": "self",
"summary": "SUSE Bug 1247949",
"url": "https://bugzilla.suse.com/1247949"
},
{
"category": "self",
"summary": "SUSE Bug 1247950",
"url": "https://bugzilla.suse.com/1247950"
},
{
"category": "self",
"summary": "SUSE Bug 1247963",
"url": "https://bugzilla.suse.com/1247963"
},
{
"category": "self",
"summary": "SUSE Bug 1247976",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "self",
"summary": "SUSE Bug 1248088",
"url": "https://bugzilla.suse.com/1248088"
},
{
"category": "self",
"summary": "SUSE Bug 1248111",
"url": "https://bugzilla.suse.com/1248111"
},
{
"category": "self",
"summary": "SUSE Bug 1248121",
"url": "https://bugzilla.suse.com/1248121"
},
{
"category": "self",
"summary": "SUSE Bug 1248183",
"url": "https://bugzilla.suse.com/1248183"
},
{
"category": "self",
"summary": "SUSE Bug 1248186",
"url": "https://bugzilla.suse.com/1248186"
},
{
"category": "self",
"summary": "SUSE Bug 1248190",
"url": "https://bugzilla.suse.com/1248190"
},
{
"category": "self",
"summary": "SUSE Bug 1248192",
"url": "https://bugzilla.suse.com/1248192"
},
{
"category": "self",
"summary": "SUSE Bug 1248194",
"url": "https://bugzilla.suse.com/1248194"
},
{
"category": "self",
"summary": "SUSE Bug 1248198",
"url": "https://bugzilla.suse.com/1248198"
},
{
"category": "self",
"summary": "SUSE Bug 1248199",
"url": "https://bugzilla.suse.com/1248199"
},
{
"category": "self",
"summary": "SUSE Bug 1248200",
"url": "https://bugzilla.suse.com/1248200"
},
{
"category": "self",
"summary": "SUSE Bug 1248202",
"url": "https://bugzilla.suse.com/1248202"
},
{
"category": "self",
"summary": "SUSE Bug 1248205",
"url": "https://bugzilla.suse.com/1248205"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248223",
"url": "https://bugzilla.suse.com/1248223"
},
{
"category": "self",
"summary": "SUSE Bug 1248224",
"url": "https://bugzilla.suse.com/1248224"
},
{
"category": "self",
"summary": "SUSE Bug 1248225",
"url": "https://bugzilla.suse.com/1248225"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248235",
"url": "https://bugzilla.suse.com/1248235"
},
{
"category": "self",
"summary": "SUSE Bug 1248255",
"url": "https://bugzilla.suse.com/1248255"
},
{
"category": "self",
"summary": "SUSE Bug 1248296",
"url": "https://bugzilla.suse.com/1248296"
},
{
"category": "self",
"summary": "SUSE Bug 1248297",
"url": "https://bugzilla.suse.com/1248297"
},
{
"category": "self",
"summary": "SUSE Bug 1248299",
"url": "https://bugzilla.suse.com/1248299"
},
{
"category": "self",
"summary": "SUSE Bug 1248302",
"url": "https://bugzilla.suse.com/1248302"
},
{
"category": "self",
"summary": "SUSE Bug 1248304",
"url": "https://bugzilla.suse.com/1248304"
},
{
"category": "self",
"summary": "SUSE Bug 1248306",
"url": "https://bugzilla.suse.com/1248306"
},
{
"category": "self",
"summary": "SUSE Bug 1248312",
"url": "https://bugzilla.suse.com/1248312"
},
{
"category": "self",
"summary": "SUSE Bug 1248333",
"url": "https://bugzilla.suse.com/1248333"
},
{
"category": "self",
"summary": "SUSE Bug 1248334",
"url": "https://bugzilla.suse.com/1248334"
},
{
"category": "self",
"summary": "SUSE Bug 1248337",
"url": "https://bugzilla.suse.com/1248337"
},
{
"category": "self",
"summary": "SUSE Bug 1248338",
"url": "https://bugzilla.suse.com/1248338"
},
{
"category": "self",
"summary": "SUSE Bug 1248340",
"url": "https://bugzilla.suse.com/1248340"
},
{
"category": "self",
"summary": "SUSE Bug 1248341",
"url": "https://bugzilla.suse.com/1248341"
},
{
"category": "self",
"summary": "SUSE Bug 1248343",
"url": "https://bugzilla.suse.com/1248343"
},
{
"category": "self",
"summary": "SUSE Bug 1248345",
"url": "https://bugzilla.suse.com/1248345"
},
{
"category": "self",
"summary": "SUSE Bug 1248349",
"url": "https://bugzilla.suse.com/1248349"
},
{
"category": "self",
"summary": "SUSE Bug 1248350",
"url": "https://bugzilla.suse.com/1248350"
},
{
"category": "self",
"summary": "SUSE Bug 1248354",
"url": "https://bugzilla.suse.com/1248354"
},
{
"category": "self",
"summary": "SUSE Bug 1248355",
"url": "https://bugzilla.suse.com/1248355"
},
{
"category": "self",
"summary": "SUSE Bug 1248357",
"url": "https://bugzilla.suse.com/1248357"
},
{
"category": "self",
"summary": "SUSE Bug 1248359",
"url": "https://bugzilla.suse.com/1248359"
},
{
"category": "self",
"summary": "SUSE Bug 1248361",
"url": "https://bugzilla.suse.com/1248361"
},
{
"category": "self",
"summary": "SUSE Bug 1248363",
"url": "https://bugzilla.suse.com/1248363"
},
{
"category": "self",
"summary": "SUSE Bug 1248365",
"url": "https://bugzilla.suse.com/1248365"
},
{
"category": "self",
"summary": "SUSE Bug 1248367",
"url": "https://bugzilla.suse.com/1248367"
},
{
"category": "self",
"summary": "SUSE Bug 1248368",
"url": "https://bugzilla.suse.com/1248368"
},
{
"category": "self",
"summary": "SUSE Bug 1248374",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "self",
"summary": "SUSE Bug 1248377",
"url": "https://bugzilla.suse.com/1248377"
},
{
"category": "self",
"summary": "SUSE Bug 1248378",
"url": "https://bugzilla.suse.com/1248378"
},
{
"category": "self",
"summary": "SUSE Bug 1248380",
"url": "https://bugzilla.suse.com/1248380"
},
{
"category": "self",
"summary": "SUSE Bug 1248386",
"url": "https://bugzilla.suse.com/1248386"
},
{
"category": "self",
"summary": "SUSE Bug 1248390",
"url": "https://bugzilla.suse.com/1248390"
},
{
"category": "self",
"summary": "SUSE Bug 1248392",
"url": "https://bugzilla.suse.com/1248392"
},
{
"category": "self",
"summary": "SUSE Bug 1248395",
"url": "https://bugzilla.suse.com/1248395"
},
{
"category": "self",
"summary": "SUSE Bug 1248396",
"url": "https://bugzilla.suse.com/1248396"
},
{
"category": "self",
"summary": "SUSE Bug 1248399",
"url": "https://bugzilla.suse.com/1248399"
},
{
"category": "self",
"summary": "SUSE Bug 1248401",
"url": "https://bugzilla.suse.com/1248401"
},
{
"category": "self",
"summary": "SUSE Bug 1248511",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "self",
"summary": "SUSE Bug 1248512",
"url": "https://bugzilla.suse.com/1248512"
},
{
"category": "self",
"summary": "SUSE Bug 1248573",
"url": "https://bugzilla.suse.com/1248573"
},
{
"category": "self",
"summary": "SUSE Bug 1248575",
"url": "https://bugzilla.suse.com/1248575"
},
{
"category": "self",
"summary": "SUSE Bug 1248577",
"url": "https://bugzilla.suse.com/1248577"
},
{
"category": "self",
"summary": "SUSE Bug 1248609",
"url": "https://bugzilla.suse.com/1248609"
},
{
"category": "self",
"summary": "SUSE Bug 1248610",
"url": "https://bugzilla.suse.com/1248610"
},
{
"category": "self",
"summary": "SUSE Bug 1248616",
"url": "https://bugzilla.suse.com/1248616"
},
{
"category": "self",
"summary": "SUSE Bug 1248617",
"url": "https://bugzilla.suse.com/1248617"
},
{
"category": "self",
"summary": "SUSE Bug 1248619",
"url": "https://bugzilla.suse.com/1248619"
},
{
"category": "self",
"summary": "SUSE Bug 1248621",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "self",
"summary": "SUSE Bug 1248622",
"url": "https://bugzilla.suse.com/1248622"
},
{
"category": "self",
"summary": "SUSE Bug 1248624",
"url": "https://bugzilla.suse.com/1248624"
},
{
"category": "self",
"summary": "SUSE Bug 1248627",
"url": "https://bugzilla.suse.com/1248627"
},
{
"category": "self",
"summary": "SUSE Bug 1248628",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "self",
"summary": "SUSE Bug 1248634",
"url": "https://bugzilla.suse.com/1248634"
},
{
"category": "self",
"summary": "SUSE Bug 1248635",
"url": "https://bugzilla.suse.com/1248635"
},
{
"category": "self",
"summary": "SUSE Bug 1248639",
"url": "https://bugzilla.suse.com/1248639"
},
{
"category": "self",
"summary": "SUSE Bug 1248643",
"url": "https://bugzilla.suse.com/1248643"
},
{
"category": "self",
"summary": "SUSE Bug 1248647",
"url": "https://bugzilla.suse.com/1248647"
},
{
"category": "self",
"summary": "SUSE Bug 1248648",
"url": "https://bugzilla.suse.com/1248648"
},
{
"category": "self",
"summary": "SUSE Bug 1248652",
"url": "https://bugzilla.suse.com/1248652"
},
{
"category": "self",
"summary": "SUSE Bug 1248655",
"url": "https://bugzilla.suse.com/1248655"
},
{
"category": "self",
"summary": "SUSE Bug 1248662",
"url": "https://bugzilla.suse.com/1248662"
},
{
"category": "self",
"summary": "SUSE Bug 1248664",
"url": "https://bugzilla.suse.com/1248664"
},
{
"category": "self",
"summary": "SUSE Bug 1248666",
"url": "https://bugzilla.suse.com/1248666"
},
{
"category": "self",
"summary": "SUSE Bug 1248669",
"url": "https://bugzilla.suse.com/1248669"
},
{
"category": "self",
"summary": "SUSE Bug 1248674",
"url": "https://bugzilla.suse.com/1248674"
},
{
"category": "self",
"summary": "SUSE Bug 1248681",
"url": "https://bugzilla.suse.com/1248681"
},
{
"category": "self",
"summary": "SUSE Bug 1248727",
"url": "https://bugzilla.suse.com/1248727"
},
{
"category": "self",
"summary": "SUSE Bug 1248728",
"url": "https://bugzilla.suse.com/1248728"
},
{
"category": "self",
"summary": "SUSE Bug 1248748",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248775",
"url": "https://bugzilla.suse.com/1248775"
},
{
"category": "self",
"summary": "SUSE Bug 1249022",
"url": "https://bugzilla.suse.com/1249022"
},
{
"category": "self",
"summary": "SUSE Bug 1249038",
"url": "https://bugzilla.suse.com/1249038"
},
{
"category": "self",
"summary": "SUSE Bug 1249060",
"url": "https://bugzilla.suse.com/1249060"
},
{
"category": "self",
"summary": "SUSE Bug 1249061",
"url": "https://bugzilla.suse.com/1249061"
},
{
"category": "self",
"summary": "SUSE Bug 1249062",
"url": "https://bugzilla.suse.com/1249062"
},
{
"category": "self",
"summary": "SUSE Bug 1249064",
"url": "https://bugzilla.suse.com/1249064"
},
{
"category": "self",
"summary": "SUSE Bug 1249065",
"url": "https://bugzilla.suse.com/1249065"
},
{
"category": "self",
"summary": "SUSE Bug 1249066",
"url": "https://bugzilla.suse.com/1249066"
},
{
"category": "self",
"summary": "SUSE Bug 1249126",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "self",
"summary": "SUSE Bug 1249143",
"url": "https://bugzilla.suse.com/1249143"
},
{
"category": "self",
"summary": "SUSE Bug 1249156",
"url": "https://bugzilla.suse.com/1249156"
},
{
"category": "self",
"summary": "SUSE Bug 1249159",
"url": "https://bugzilla.suse.com/1249159"
},
{
"category": "self",
"summary": "SUSE Bug 1249160",
"url": "https://bugzilla.suse.com/1249160"
},
{
"category": "self",
"summary": "SUSE Bug 1249163",
"url": "https://bugzilla.suse.com/1249163"
},
{
"category": "self",
"summary": "SUSE Bug 1249164",
"url": "https://bugzilla.suse.com/1249164"
},
{
"category": "self",
"summary": "SUSE Bug 1249166",
"url": "https://bugzilla.suse.com/1249166"
},
{
"category": "self",
"summary": "SUSE Bug 1249167",
"url": "https://bugzilla.suse.com/1249167"
},
{
"category": "self",
"summary": "SUSE Bug 1249169",
"url": "https://bugzilla.suse.com/1249169"
},
{
"category": "self",
"summary": "SUSE Bug 1249170",
"url": "https://bugzilla.suse.com/1249170"
},
{
"category": "self",
"summary": "SUSE Bug 1249172",
"url": "https://bugzilla.suse.com/1249172"
},
{
"category": "self",
"summary": "SUSE Bug 1249176",
"url": "https://bugzilla.suse.com/1249176"
},
{
"category": "self",
"summary": "SUSE Bug 1249177",
"url": "https://bugzilla.suse.com/1249177"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249186",
"url": "https://bugzilla.suse.com/1249186"
},
{
"category": "self",
"summary": "SUSE Bug 1249190",
"url": "https://bugzilla.suse.com/1249190"
},
{
"category": "self",
"summary": "SUSE Bug 1249193",
"url": "https://bugzilla.suse.com/1249193"
},
{
"category": "self",
"summary": "SUSE Bug 1249195",
"url": "https://bugzilla.suse.com/1249195"
},
{
"category": "self",
"summary": "SUSE Bug 1249199",
"url": "https://bugzilla.suse.com/1249199"
},
{
"category": "self",
"summary": "SUSE Bug 1249201",
"url": "https://bugzilla.suse.com/1249201"
},
{
"category": "self",
"summary": "SUSE Bug 1249202",
"url": "https://bugzilla.suse.com/1249202"
},
{
"category": "self",
"summary": "SUSE Bug 1249203",
"url": "https://bugzilla.suse.com/1249203"
},
{
"category": "self",
"summary": "SUSE Bug 1249204",
"url": "https://bugzilla.suse.com/1249204"
},
{
"category": "self",
"summary": "SUSE Bug 1249206",
"url": "https://bugzilla.suse.com/1249206"
},
{
"category": "self",
"summary": "SUSE Bug 1249215",
"url": "https://bugzilla.suse.com/1249215"
},
{
"category": "self",
"summary": "SUSE Bug 1249220",
"url": "https://bugzilla.suse.com/1249220"
},
{
"category": "self",
"summary": "SUSE Bug 1249221",
"url": "https://bugzilla.suse.com/1249221"
},
{
"category": "self",
"summary": "SUSE Bug 1249254",
"url": "https://bugzilla.suse.com/1249254"
},
{
"category": "self",
"summary": "SUSE Bug 1249258",
"url": "https://bugzilla.suse.com/1249258"
},
{
"category": "self",
"summary": "SUSE Bug 1249262",
"url": "https://bugzilla.suse.com/1249262"
},
{
"category": "self",
"summary": "SUSE Bug 1249263",
"url": "https://bugzilla.suse.com/1249263"
},
{
"category": "self",
"summary": "SUSE Bug 1249265",
"url": "https://bugzilla.suse.com/1249265"
},
{
"category": "self",
"summary": "SUSE Bug 1249266",
"url": "https://bugzilla.suse.com/1249266"
},
{
"category": "self",
"summary": "SUSE Bug 1249269",
"url": "https://bugzilla.suse.com/1249269"
},
{
"category": "self",
"summary": "SUSE Bug 1249271",
"url": "https://bugzilla.suse.com/1249271"
},
{
"category": "self",
"summary": "SUSE Bug 1249272",
"url": "https://bugzilla.suse.com/1249272"
},
{
"category": "self",
"summary": "SUSE Bug 1249273",
"url": "https://bugzilla.suse.com/1249273"
},
{
"category": "self",
"summary": "SUSE Bug 1249274",
"url": "https://bugzilla.suse.com/1249274"
},
{
"category": "self",
"summary": "SUSE Bug 1249278",
"url": "https://bugzilla.suse.com/1249278"
},
{
"category": "self",
"summary": "SUSE Bug 1249279",
"url": "https://bugzilla.suse.com/1249279"
},
{
"category": "self",
"summary": "SUSE Bug 1249281",
"url": "https://bugzilla.suse.com/1249281"
},
{
"category": "self",
"summary": "SUSE Bug 1249282",
"url": "https://bugzilla.suse.com/1249282"
},
{
"category": "self",
"summary": "SUSE Bug 1249284",
"url": "https://bugzilla.suse.com/1249284"
},
{
"category": "self",
"summary": "SUSE Bug 1249285",
"url": "https://bugzilla.suse.com/1249285"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249288",
"url": "https://bugzilla.suse.com/1249288"
},
{
"category": "self",
"summary": "SUSE Bug 1249290",
"url": "https://bugzilla.suse.com/1249290"
},
{
"category": "self",
"summary": "SUSE Bug 1249292",
"url": "https://bugzilla.suse.com/1249292"
},
{
"category": "self",
"summary": "SUSE Bug 1249295",
"url": "https://bugzilla.suse.com/1249295"
},
{
"category": "self",
"summary": "SUSE Bug 1249296",
"url": "https://bugzilla.suse.com/1249296"
},
{
"category": "self",
"summary": "SUSE Bug 1249297",
"url": "https://bugzilla.suse.com/1249297"
},
{
"category": "self",
"summary": "SUSE Bug 1249299",
"url": "https://bugzilla.suse.com/1249299"
},
{
"category": "self",
"summary": "SUSE Bug 1249300",
"url": "https://bugzilla.suse.com/1249300"
},
{
"category": "self",
"summary": "SUSE Bug 1249301",
"url": "https://bugzilla.suse.com/1249301"
},
{
"category": "self",
"summary": "SUSE Bug 1249303",
"url": "https://bugzilla.suse.com/1249303"
},
{
"category": "self",
"summary": "SUSE Bug 1249304",
"url": "https://bugzilla.suse.com/1249304"
},
{
"category": "self",
"summary": "SUSE Bug 1249305",
"url": "https://bugzilla.suse.com/1249305"
},
{
"category": "self",
"summary": "SUSE Bug 1249306",
"url": "https://bugzilla.suse.com/1249306"
},
{
"category": "self",
"summary": "SUSE Bug 1249308",
"url": "https://bugzilla.suse.com/1249308"
},
{
"category": "self",
"summary": "SUSE Bug 1249309",
"url": "https://bugzilla.suse.com/1249309"
},
{
"category": "self",
"summary": "SUSE Bug 1249312",
"url": "https://bugzilla.suse.com/1249312"
},
{
"category": "self",
"summary": "SUSE Bug 1249313",
"url": "https://bugzilla.suse.com/1249313"
},
{
"category": "self",
"summary": "SUSE Bug 1249314",
"url": "https://bugzilla.suse.com/1249314"
},
{
"category": "self",
"summary": "SUSE Bug 1249315",
"url": "https://bugzilla.suse.com/1249315"
},
{
"category": "self",
"summary": "SUSE Bug 1249316",
"url": "https://bugzilla.suse.com/1249316"
},
{
"category": "self",
"summary": "SUSE Bug 1249318",
"url": "https://bugzilla.suse.com/1249318"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249321",
"url": "https://bugzilla.suse.com/1249321"
},
{
"category": "self",
"summary": "SUSE Bug 1249322",
"url": "https://bugzilla.suse.com/1249322"
},
{
"category": "self",
"summary": "SUSE Bug 1249323",
"url": "https://bugzilla.suse.com/1249323"
},
{
"category": "self",
"summary": "SUSE Bug 1249324",
"url": "https://bugzilla.suse.com/1249324"
},
{
"category": "self",
"summary": "SUSE Bug 1249333",
"url": "https://bugzilla.suse.com/1249333"
},
{
"category": "self",
"summary": "SUSE Bug 1249334",
"url": "https://bugzilla.suse.com/1249334"
},
{
"category": "self",
"summary": "SUSE Bug 1249338",
"url": "https://bugzilla.suse.com/1249338"
},
{
"category": "self",
"summary": "SUSE Bug 1249346",
"url": "https://bugzilla.suse.com/1249346"
},
{
"category": "self",
"summary": "SUSE Bug 1249374",
"url": "https://bugzilla.suse.com/1249374"
},
{
"category": "self",
"summary": "SUSE Bug 1249413",
"url": "https://bugzilla.suse.com/1249413"
},
{
"category": "self",
"summary": "SUSE Bug 1249477",
"url": "https://bugzilla.suse.com/1249477"
},
{
"category": "self",
"summary": "SUSE Bug 1249478",
"url": "https://bugzilla.suse.com/1249478"
},
{
"category": "self",
"summary": "SUSE Bug 1249479",
"url": "https://bugzilla.suse.com/1249479"
},
{
"category": "self",
"summary": "SUSE Bug 1249486",
"url": "https://bugzilla.suse.com/1249486"
},
{
"category": "self",
"summary": "SUSE Bug 1249490",
"url": "https://bugzilla.suse.com/1249490"
},
{
"category": "self",
"summary": "SUSE Bug 1249494",
"url": "https://bugzilla.suse.com/1249494"
},
{
"category": "self",
"summary": "SUSE Bug 1249500",
"url": "https://bugzilla.suse.com/1249500"
},
{
"category": "self",
"summary": "SUSE Bug 1249504",
"url": "https://bugzilla.suse.com/1249504"
},
{
"category": "self",
"summary": "SUSE Bug 1249506",
"url": "https://bugzilla.suse.com/1249506"
},
{
"category": "self",
"summary": "SUSE Bug 1249508",
"url": "https://bugzilla.suse.com/1249508"
},
{
"category": "self",
"summary": "SUSE Bug 1249509",
"url": "https://bugzilla.suse.com/1249509"
},
{
"category": "self",
"summary": "SUSE Bug 1249510",
"url": "https://bugzilla.suse.com/1249510"
},
{
"category": "self",
"summary": "SUSE Bug 1249513",
"url": "https://bugzilla.suse.com/1249513"
},
{
"category": "self",
"summary": "SUSE Bug 1249515",
"url": "https://bugzilla.suse.com/1249515"
},
{
"category": "self",
"summary": "SUSE Bug 1249516",
"url": "https://bugzilla.suse.com/1249516"
},
{
"category": "self",
"summary": "SUSE Bug 1249522",
"url": "https://bugzilla.suse.com/1249522"
},
{
"category": "self",
"summary": "SUSE Bug 1249523",
"url": "https://bugzilla.suse.com/1249523"
},
{
"category": "self",
"summary": "SUSE Bug 1249524",
"url": "https://bugzilla.suse.com/1249524"
},
{
"category": "self",
"summary": "SUSE Bug 1249526",
"url": "https://bugzilla.suse.com/1249526"
},
{
"category": "self",
"summary": "SUSE Bug 1249533",
"url": "https://bugzilla.suse.com/1249533"
},
{
"category": "self",
"summary": "SUSE Bug 1249538",
"url": "https://bugzilla.suse.com/1249538"
},
{
"category": "self",
"summary": "SUSE Bug 1249540",
"url": "https://bugzilla.suse.com/1249540"
},
{
"category": "self",
"summary": "SUSE Bug 1249542",
"url": "https://bugzilla.suse.com/1249542"
},
{
"category": "self",
"summary": "SUSE Bug 1249545",
"url": "https://bugzilla.suse.com/1249545"
},
{
"category": "self",
"summary": "SUSE Bug 1249547",
"url": "https://bugzilla.suse.com/1249547"
},
{
"category": "self",
"summary": "SUSE Bug 1249548",
"url": "https://bugzilla.suse.com/1249548"
},
{
"category": "self",
"summary": "SUSE Bug 1249550",
"url": "https://bugzilla.suse.com/1249550"
},
{
"category": "self",
"summary": "SUSE Bug 1249552",
"url": "https://bugzilla.suse.com/1249552"
},
{
"category": "self",
"summary": "SUSE Bug 1249554",
"url": "https://bugzilla.suse.com/1249554"
},
{
"category": "self",
"summary": "SUSE Bug 1249562",
"url": "https://bugzilla.suse.com/1249562"
},
{
"category": "self",
"summary": "SUSE Bug 1249566",
"url": "https://bugzilla.suse.com/1249566"
},
{
"category": "self",
"summary": "SUSE Bug 1249587",
"url": "https://bugzilla.suse.com/1249587"
},
{
"category": "self",
"summary": "SUSE Bug 1249598",
"url": "https://bugzilla.suse.com/1249598"
},
{
"category": "self",
"summary": "SUSE Bug 1249604",
"url": "https://bugzilla.suse.com/1249604"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1249615",
"url": "https://bugzilla.suse.com/1249615"
},
{
"category": "self",
"summary": "SUSE Bug 1249618",
"url": "https://bugzilla.suse.com/1249618"
},
{
"category": "self",
"summary": "SUSE Bug 1249774",
"url": "https://bugzilla.suse.com/1249774"
},
{
"category": "self",
"summary": "SUSE Bug 1249833",
"url": "https://bugzilla.suse.com/1249833"
},
{
"category": "self",
"summary": "SUSE Bug 1249887",
"url": "https://bugzilla.suse.com/1249887"
},
{
"category": "self",
"summary": "SUSE Bug 1249888",
"url": "https://bugzilla.suse.com/1249888"
},
{
"category": "self",
"summary": "SUSE Bug 1249901",
"url": "https://bugzilla.suse.com/1249901"
},
{
"category": "self",
"summary": "SUSE Bug 1249904",
"url": "https://bugzilla.suse.com/1249904"
},
{
"category": "self",
"summary": "SUSE Bug 1249906",
"url": "https://bugzilla.suse.com/1249906"
},
{
"category": "self",
"summary": "SUSE Bug 1249915",
"url": "https://bugzilla.suse.com/1249915"
},
{
"category": "self",
"summary": "SUSE Bug 1249974",
"url": "https://bugzilla.suse.com/1249974"
},
{
"category": "self",
"summary": "SUSE Bug 1249975",
"url": "https://bugzilla.suse.com/1249975"
},
{
"category": "self",
"summary": "SUSE Bug 1250002",
"url": "https://bugzilla.suse.com/1250002"
},
{
"category": "self",
"summary": "SUSE Bug 1250007",
"url": "https://bugzilla.suse.com/1250007"
},
{
"category": "self",
"summary": "SUSE Bug 1250021",
"url": "https://bugzilla.suse.com/1250021"
},
{
"category": "self",
"summary": "SUSE Bug 1250025",
"url": "https://bugzilla.suse.com/1250025"
},
{
"category": "self",
"summary": "SUSE Bug 1250028",
"url": "https://bugzilla.suse.com/1250028"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250087",
"url": "https://bugzilla.suse.com/1250087"
},
{
"category": "self",
"summary": "SUSE Bug 1250088",
"url": "https://bugzilla.suse.com/1250088"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250123",
"url": "https://bugzilla.suse.com/1250123"
},
{
"category": "self",
"summary": "SUSE Bug 1250124",
"url": "https://bugzilla.suse.com/1250124"
},
{
"category": "self",
"summary": "SUSE Bug 1250177",
"url": "https://bugzilla.suse.com/1250177"
},
{
"category": "self",
"summary": "SUSE Bug 1250179",
"url": "https://bugzilla.suse.com/1250179"
},
{
"category": "self",
"summary": "SUSE Bug 1250203",
"url": "https://bugzilla.suse.com/1250203"
},
{
"category": "self",
"summary": "SUSE Bug 1250204",
"url": "https://bugzilla.suse.com/1250204"
},
{
"category": "self",
"summary": "SUSE Bug 1250205",
"url": "https://bugzilla.suse.com/1250205"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250242",
"url": "https://bugzilla.suse.com/1250242"
},
{
"category": "self",
"summary": "SUSE Bug 1250247",
"url": "https://bugzilla.suse.com/1250247"
},
{
"category": "self",
"summary": "SUSE Bug 1250249",
"url": "https://bugzilla.suse.com/1250249"
},
{
"category": "self",
"summary": "SUSE Bug 1250251",
"url": "https://bugzilla.suse.com/1250251"
},
{
"category": "self",
"summary": "SUSE Bug 1250258",
"url": "https://bugzilla.suse.com/1250258"
},
{
"category": "self",
"summary": "SUSE Bug 1250262",
"url": "https://bugzilla.suse.com/1250262"
},
{
"category": "self",
"summary": "SUSE Bug 1250266",
"url": "https://bugzilla.suse.com/1250266"
},
{
"category": "self",
"summary": "SUSE Bug 1250267",
"url": "https://bugzilla.suse.com/1250267"
},
{
"category": "self",
"summary": "SUSE Bug 1250268",
"url": "https://bugzilla.suse.com/1250268"
},
{
"category": "self",
"summary": "SUSE Bug 1250275",
"url": "https://bugzilla.suse.com/1250275"
},
{
"category": "self",
"summary": "SUSE Bug 1250276",
"url": "https://bugzilla.suse.com/1250276"
},
{
"category": "self",
"summary": "SUSE Bug 1250281",
"url": "https://bugzilla.suse.com/1250281"
},
{
"category": "self",
"summary": "SUSE Bug 1250291",
"url": "https://bugzilla.suse.com/1250291"
},
{
"category": "self",
"summary": "SUSE Bug 1250292",
"url": "https://bugzilla.suse.com/1250292"
},
{
"category": "self",
"summary": "SUSE Bug 1250294",
"url": "https://bugzilla.suse.com/1250294"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250297",
"url": "https://bugzilla.suse.com/1250297"
},
{
"category": "self",
"summary": "SUSE Bug 1250298",
"url": "https://bugzilla.suse.com/1250298"
},
{
"category": "self",
"summary": "SUSE Bug 1250334",
"url": "https://bugzilla.suse.com/1250334"
},
{
"category": "self",
"summary": "SUSE Bug 1250344",
"url": "https://bugzilla.suse.com/1250344"
},
{
"category": "self",
"summary": "SUSE Bug 1250365",
"url": "https://bugzilla.suse.com/1250365"
},
{
"category": "self",
"summary": "SUSE Bug 1250371",
"url": "https://bugzilla.suse.com/1250371"
},
{
"category": "self",
"summary": "SUSE Bug 1250377",
"url": "https://bugzilla.suse.com/1250377"
},
{
"category": "self",
"summary": "SUSE Bug 1250386",
"url": "https://bugzilla.suse.com/1250386"
},
{
"category": "self",
"summary": "SUSE Bug 1250389",
"url": "https://bugzilla.suse.com/1250389"
},
{
"category": "self",
"summary": "SUSE Bug 1250398",
"url": "https://bugzilla.suse.com/1250398"
},
{
"category": "self",
"summary": "SUSE Bug 1250402",
"url": "https://bugzilla.suse.com/1250402"
},
{
"category": "self",
"summary": "SUSE Bug 1250406",
"url": "https://bugzilla.suse.com/1250406"
},
{
"category": "self",
"summary": "SUSE Bug 1250407",
"url": "https://bugzilla.suse.com/1250407"
},
{
"category": "self",
"summary": "SUSE Bug 1250408",
"url": "https://bugzilla.suse.com/1250408"
},
{
"category": "self",
"summary": "SUSE Bug 1250450",
"url": "https://bugzilla.suse.com/1250450"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250522",
"url": "https://bugzilla.suse.com/1250522"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250655",
"url": "https://bugzilla.suse.com/1250655"
},
{
"category": "self",
"summary": "SUSE Bug 1250671",
"url": "https://bugzilla.suse.com/1250671"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250711",
"url": "https://bugzilla.suse.com/1250711"
},
{
"category": "self",
"summary": "SUSE Bug 1250712",
"url": "https://bugzilla.suse.com/1250712"
},
{
"category": "self",
"summary": "SUSE Bug 1250713",
"url": "https://bugzilla.suse.com/1250713"
},
{
"category": "self",
"summary": "SUSE Bug 1250716",
"url": "https://bugzilla.suse.com/1250716"
},
{
"category": "self",
"summary": "SUSE Bug 1250719",
"url": "https://bugzilla.suse.com/1250719"
},
{
"category": "self",
"summary": "SUSE Bug 1250722",
"url": "https://bugzilla.suse.com/1250722"
},
{
"category": "self",
"summary": "SUSE Bug 1250729",
"url": "https://bugzilla.suse.com/1250729"
},
{
"category": "self",
"summary": "SUSE Bug 1250736",
"url": "https://bugzilla.suse.com/1250736"
},
{
"category": "self",
"summary": "SUSE Bug 1250737",
"url": "https://bugzilla.suse.com/1250737"
},
{
"category": "self",
"summary": "SUSE Bug 1250739",
"url": "https://bugzilla.suse.com/1250739"
},
{
"category": "self",
"summary": "SUSE Bug 1250741",
"url": "https://bugzilla.suse.com/1250741"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250758",
"url": "https://bugzilla.suse.com/1250758"
},
{
"category": "self",
"summary": "SUSE Bug 1250952",
"url": "https://bugzilla.suse.com/1250952"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251135",
"url": "https://bugzilla.suse.com/1251135"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251186",
"url": "https://bugzilla.suse.com/1251186"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1252084",
"url": "https://bugzilla.suse.com/1252084"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53164 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57891 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57951 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57952 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58090 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22077 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23141 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37849 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38006 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38038 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38075 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38089 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38091 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38095 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38098 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38099 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38101 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38103 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38106 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38107 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38108 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38109 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38111 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38112 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38113 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38114 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38117 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38118 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38120 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38122 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38124 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38127 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38128 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38134 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38137 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38141 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38142 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38143 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38146 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38149 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38151 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38153 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38154 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38161 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38165 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38168 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38169 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38170 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38172 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38173 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38174 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38182 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38184 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38193 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38198 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38201 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38205 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38208 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38209 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38211 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38213 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38214 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38216 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38217 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38222 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38224 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38225 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38226 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38227 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38228 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38229 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38232 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38233 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38234 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38242 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38245 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38246 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38249 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38251 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38253 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38255 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38256 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38259 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38263 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38265 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38267 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38267/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38268 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38270 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38272 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38273 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38274 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38275 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38278 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38287 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38288 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38292 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38299 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38299/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38301 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38302 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38303 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38304 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38305 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38306 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38306/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38307 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38311 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38313 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38315 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38317 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38319 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38322 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38326 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38335 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38336 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38338 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38339 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38341 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38342 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38343 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38344 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38348 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38350 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38351 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38352 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38353 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38355 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38356 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38359 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38360 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38361 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38362 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38363 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38365 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38368 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38369 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38371 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38372 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38372/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38373 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38374 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38374/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38376 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38377 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38380 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38381 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38382 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38383 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38384 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38385 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38386 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38387 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38389 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38390 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38391 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38392 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38393 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38395 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38397 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38399 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38400 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38401 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38402 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38403 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38404 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38405 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38406 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38408 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38409 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38410 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38412 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38413 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38414 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38417 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38424 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38425 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38426 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38427 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38428 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38429 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38430 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38438 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38439 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38440 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38441 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38443 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38444 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38444/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38445 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38446 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38446/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38448 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38449 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38450 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38451 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38453 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38453/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38454 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38455 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38455/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38456 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38456/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38457 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38458 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38459 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38460 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38461 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38462 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38463 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38464 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38466 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38470 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38472 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38473 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38474 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38475 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38475/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38476 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38477 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38478 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38480 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38481 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38482 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38483 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38484 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38484/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38485 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38487 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38488 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38489 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38490 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38491 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38493 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38496 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38497 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38500 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38503 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38508 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38514 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38524 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38524/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38526 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38526/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38527 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38528 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38528/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38531 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38533 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38544 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38545 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38546 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38549 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38553 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38554 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38555 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38556 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38557 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38559 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38560 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38563 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38564 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38564/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38568 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38571 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38572 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38573 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38574 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38576 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38581 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38582 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38583 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38584 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38585 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38586 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38587 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38588 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38591 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38591/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38593 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38595 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38597 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38601 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38602 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38604 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38605 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38608 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38609 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38610 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38612 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38612/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38616 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38619 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38621 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38622 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38623 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38624 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38628 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38630 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38632 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38634 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38643 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38643/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38646 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38648 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38656 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38658 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38660 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38662 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38679 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38685 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38686 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38691 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38694 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38695 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38709 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38710 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38717 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38721 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38722 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39677 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39679 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39682 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39685 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39686 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39691 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39694 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39695 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39698 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39707 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39709 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39710 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39712 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39713 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39721 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39722 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39746 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39747 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39748 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39751 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39757 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39758 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39770 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39783 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39787 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39788 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39792 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39800 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39801 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39807 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39808 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39811 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39816 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39824 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39826 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39836 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39839 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39842 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39845 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39849 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39852 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39853 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39854 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39860 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39875 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39882 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39884 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39896 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39898 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39899 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39900 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39907 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39909 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39922 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39925 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39926 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-38264 page",
"url": "https://www.suse.com/security/cve/CVE-2026-38264/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-25T07:34:55Z",
"generator": {
"date": "2025-11-25T07:34:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21179-1",
"initial_release_date": "2025-11-25T07:34:55Z",
"revision_history": [
{
"date": "2025-11-25T07:34:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"product": {
"name": "cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"product_id": "cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"product": {
"name": "dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"product_id": "dlm-kmp-default-6.12.0-160000.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"product": {
"name": "gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"product_id": "gfs2-kmp-default-6.12.0-160000.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"product": {
"name": "cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"product_id": "cluster-md-kmp-default-6.12.0-160000.6.1.s390x"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.12.0-160000.6.1.s390x",
"product": {
"name": "dlm-kmp-default-6.12.0-160000.6.1.s390x",
"product_id": "dlm-kmp-default-6.12.0-160000.6.1.s390x"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"product": {
"name": "gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"product_id": "gfs2-kmp-default-6.12.0-160000.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"product": {
"name": "cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"product_id": "cluster-md-kmp-default-6.12.0-160000.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"product": {
"name": "dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"product_id": "dlm-kmp-default-6.12.0-160000.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.12.0-160000.6.1.x86_64",
"product": {
"name": "gfs2-kmp-default-6.12.0-160000.6.1.x86_64",
"product_id": "gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 16.0",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:16.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le"
},
"product_reference": "cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.12.0-160000.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x"
},
"product_reference": "cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.12.0-160000.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64"
},
"product_reference": "cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.12.0-160000.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le"
},
"product_reference": "dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.12.0-160000.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x"
},
"product_reference": "dlm-kmp-default-6.12.0-160000.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.12.0-160000.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64"
},
"product_reference": "dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.12.0-160000.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le"
},
"product_reference": "gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.12.0-160000.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x"
},
"product_reference": "gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.12.0-160000.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
},
"product_reference": "gfs2-kmp-default-6.12.0-160000.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53164"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ordering of qlen adjustment\n\nChanges to sch-\u003eq.qlen around qdisc_tree_reduce_backlog() need to happen\n_before_ a call to said function because otherwise it may fail to notify\nparent qdiscs when the child is about to become empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53164",
"url": "https://www.suse.com/security/cve/CVE-2024-53164"
},
{
"category": "external",
"summary": "SUSE Bug 1234863 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1234863"
},
{
"category": "external",
"summary": "SUSE Bug 1246019 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1246019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2024-53164"
},
{
"cve": "CVE-2024-57891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Fix invalid irq restore in scx_ops_bypass()\n\nWhile adding outer irqsave/restore locking, 0e7ffff1b811 (\"scx: Fix raciness\nin scx_ops_bypass()\") forgot to convert an inner rq_unlock_irqrestore() to\nrq_unlock() which could re-enable IRQ prematurely leading to the following\nwarning:\n\n raw_local_irq_restore() called with IRQs enabled\n WARNING: CPU: 1 PID: 96 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40\n ...\n Sched_ext: create_dsq (enabling)\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : warn_bogus_irq_restore+0x30/0x40\n lr : warn_bogus_irq_restore+0x30/0x40\n ...\n Call trace:\n warn_bogus_irq_restore+0x30/0x40 (P)\n warn_bogus_irq_restore+0x30/0x40 (L)\n scx_ops_bypass+0x224/0x3b8\n scx_ops_enable.isra.0+0x2c8/0xaa8\n bpf_scx_reg+0x18/0x30\n ...\n irq event stamp: 33739\n hardirqs last enabled at (33739): [\u003cffff8000800b699c\u003e] scx_ops_bypass+0x174/0x3b8\n hardirqs last disabled at (33738): [\u003cffff800080d48ad4\u003e] _raw_spin_lock_irqsave+0xb4/0xd8\n\nDrop the stray _irqrestore().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57891",
"url": "https://www.suse.com/security/cve/CVE-2024-57891"
},
{
"category": "external",
"summary": "SUSE Bug 1235953 for CVE-2024-57891",
"url": "https://bugzilla.suse.com/1235953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-57891"
},
{
"cve": "CVE-2024-57951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57951"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhrtimers: Handle CPU state correctly on hotplug\n\nConsider a scenario where a CPU transitions from CPUHP_ONLINE to halfway\nthrough a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to\nCPUHP_ONLINE:\n\nSince hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set\nto 1 throughout. However, during a CPU unplug operation, the tick and the\nclockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online\nstate, for instance CFS incorrectly assumes that the hrtick is already\nactive, and the chance of the clockevent device to transition to oneshot\nmode is also lost forever for the CPU, unless it goes back to a lower state\nthan CPUHP_HRTIMERS_PREPARE once.\n\nThis round-trip reveals another issue; cpu_base.online is not set to 1\nafter the transition, which appears as a WARN_ON_ONCE in enqueue_hrtimer().\n\nAside of that, the bulk of the per CPU state is not reset either, which\nmeans there are dangling pointers in the worst case.\n\nAddress this by adding a corresponding startup() callback, which resets the\nstale per CPU state and sets the online flag.\n\n[ tglx: Make the new callback unconditionally available, remove the online\n \tmodification in the prepare() callback and clear the remaining\n \tstate in the starting callback instead of the prepare callback ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57951",
"url": "https://www.suse.com/security/cve/CVE-2024-57951"
},
{
"category": "external",
"summary": "SUSE Bug 1237108 for CVE-2024-57951",
"url": "https://bugzilla.suse.com/1237108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-57951"
},
{
"cve": "CVE-2024-57952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"libfs: fix infinite directory reads for offset dir\"\n\nThe current directory offset allocator (based on mtree_alloc_cyclic)\nstores the next offset value to return in octx-\u003enext_offset. This\nmechanism typically returns values that increase monotonically over\ntime. Eventually, though, the newly allocated offset value wraps\nback to a low number (say, 2) which is smaller than other already-\nallocated offset values.\n\nYu Kuai \u003cyukuai3@huawei.com\u003e reports that, after commit 64a7ce76fb90\n(\"libfs: fix infinite directory reads for offset dir\"), if a\ndirectory\u0027s offset allocator wraps, existing entries are no longer\nvisible via readdir/getdents because offset_readdir() stops listing\nentries once an entry\u0027s offset is larger than octx-\u003enext_offset.\nThese entries vanish persistently -- they can be looked up, but will\nnever again appear in readdir(3) output.\n\nThe reason for this is that the commit treats directory offsets as\nmonotonically increasing integer values rather than opaque cookies,\nand introduces this comparison:\n\n\tif (dentry2offset(dentry) \u003e= last_index) {\n\nOn 64-bit platforms, the directory offset value upper bound is\n2^63 - 1. Directory offsets will monotonically increase for millions\nof years without wrapping.\n\nOn 32-bit platforms, however, LONG_MAX is 2^31 - 1. The allocator\ncan wrap after only a few weeks (at worst).\n\nRevert commit 64a7ce76fb90 (\"libfs: fix infinite directory reads for\noffset dir\") to prepare for a fix that can work properly on 32-bit\nsystems and might apply to recent LTS kernels where shmem employs\nthe simple_offset mechanism.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57952",
"url": "https://www.suse.com/security/cve/CVE-2024-57952"
},
{
"category": "external",
"summary": "SUSE Bug 1237131 for CVE-2024-57952",
"url": "https://bugzilla.suse.com/1237131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-57952"
},
{
"cve": "CVE-2024-58090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Prevent rescheduling when interrupts are disabled\n\nDavid reported a warning observed while loop testing kexec jump:\n\n Interrupts enabled after irqrouter_resume+0x0/0x50\n WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220\n kernel_kexec+0xf6/0x180\n __do_sys_reboot+0x206/0x250\n do_syscall_64+0x95/0x180\n\nThe corresponding interrupt flag trace:\n\n hardirqs last enabled at (15573): [\u003cffffffffa8281b8e\u003e] __up_console_sem+0x7e/0x90\n hardirqs last disabled at (15580): [\u003cffffffffa8281b73\u003e] __up_console_sem+0x63/0x90\n\nThat means __up_console_sem() was invoked with interrupts enabled. Further\ninstrumentation revealed that in the interrupt disabled section of kexec\njump one of the syscore_suspend() callbacks woke up a task, which set the\nNEED_RESCHED flag. A later callback in the resume path invoked\ncond_resched() which in turn led to the invocation of the scheduler:\n\n __cond_resched+0x21/0x60\n down_timeout+0x18/0x60\n acpi_os_wait_semaphore+0x4c/0x80\n acpi_ut_acquire_mutex+0x3d/0x100\n acpi_ns_get_node+0x27/0x60\n acpi_ns_evaluate+0x1cb/0x2d0\n acpi_rs_set_srs_method_data+0x156/0x190\n acpi_pci_link_set+0x11c/0x290\n irqrouter_resume+0x54/0x60\n syscore_resume+0x6a/0x200\n kernel_kexec+0x145/0x1c0\n __do_sys_reboot+0xeb/0x240\n do_syscall_64+0x95/0x180\n\nThis is a long standing problem, which probably got more visible with\nthe recent printk changes. Something does a task wakeup and the\nscheduler sets the NEED_RESCHED flag. cond_resched() sees it set and\ninvokes schedule() from a completely bogus context. The scheduler\nenables interrupts after context switching, which causes the above\nwarning at the end.\n\nQuite some of the code paths in syscore_suspend()/resume() can result in\ntriggering a wakeup with the exactly same consequences. They might not\nhave done so yet, but as they share a lot of code with normal operations\nit\u0027s just a question of time.\n\nThe problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling\nmodels. Full preemption is not affected as cond_resched() is disabled and\nthe preemption check preemptible() takes the interrupt disabled flag into\naccount.\n\nCure the problem by adding a corresponding check into cond_resched().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58090",
"url": "https://www.suse.com/security/cve/CVE-2024-58090"
},
{
"category": "external",
"summary": "SUSE Bug 1240324 for CVE-2024-58090",
"url": "https://bugzilla.suse.com/1240324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-58090"
},
{
"cve": "CVE-2025-22034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs\n\nPatch series \"mm: fixes for device-exclusive entries (hmm)\", v2.\n\nDiscussing the PageTail() call in make_device_exclusive_range() with\nWilly, I recently discovered [1] that device-exclusive handling does not\nproperly work with THP, making the hmm-tests selftests fail if THPs are\nenabled on the system.\n\nLooking into more details, I found that hugetlb is not properly fenced,\nand I realized that something that was bugging me for longer -- how\ndevice-exclusive entries interact with mapcounts -- completely breaks\nmigration/swapout/split/hwpoison handling of these folios while they have\ndevice-exclusive PTEs.\n\nThe program below can be used to allocate 1 GiB worth of pages and making\nthem device-exclusive on a kernel with CONFIG_TEST_HMM.\n\nOnce they are device-exclusive, these folios cannot get swapped out\n(proc$pid/smaps_rollup will always indicate 1 GiB RSS no matter how much\none forces memory reclaim), and when having a memory block onlined to\nZONE_MOVABLE, trying to offline it will loop forever and complain about\nfailed migration of a page that should be movable.\n\n# echo offline \u003e /sys/devices/system/memory/memory136/state\n# echo online_movable \u003e /sys/devices/system/memory/memory136/state\n# ./hmm-swap \u0026\n... wait until everything is device-exclusive\n# echo offline \u003e /sys/devices/system/memory/memory136/state\n[ 285.193431][T14882] page: refcount:2 mapcount:0 mapping:0000000000000000\n index:0x7f20671f7 pfn:0x442b6a\n[ 285.196618][T14882] memcg:ffff888179298000\n[ 285.198085][T14882] anon flags: 0x5fff0000002091c(referenced|uptodate|\n dirty|active|owner_2|swapbacked|node=1|zone=3|lastcpupid=0x7ff)\n[ 285.201734][T14882] raw: ...\n[ 285.204464][T14882] raw: ...\n[ 285.207196][T14882] page dumped because: migration failure\n[ 285.209072][T14882] page_owner tracks the page as allocated\n[ 285.210915][T14882] page last allocated via order 0, migratetype\n Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO),\n id 14926, tgid 14926 (hmm-swap), ts 254506295376, free_ts 227402023774\n[ 285.216765][T14882] post_alloc_hook+0x197/0x1b0\n[ 285.218874][T14882] get_page_from_freelist+0x76e/0x3280\n[ 285.220864][T14882] __alloc_frozen_pages_noprof+0x38e/0x2740\n[ 285.223302][T14882] alloc_pages_mpol+0x1fc/0x540\n[ 285.225130][T14882] folio_alloc_mpol_noprof+0x36/0x340\n[ 285.227222][T14882] vma_alloc_folio_noprof+0xee/0x1a0\n[ 285.229074][T14882] __handle_mm_fault+0x2b38/0x56a0\n[ 285.230822][T14882] handle_mm_fault+0x368/0x9f0\n...\n\nThis series fixes all issues I found so far. There is no easy way to fix\nwithout a bigger rework/cleanup. I have a bunch of cleanups on top (some\nprevious sent, some the result of the discussion in v1) that I will send\nout separately once this landed and I get to it.\n\nI wish we could just use some special present PROT_NONE PTEs instead of\nthese (non-present, non-none) fake-swap entries; but that just results in\nthe same problem we keep having (lack of spare PTE bits), and staring at\nother similar fake-swap entries, that ship has sailed.\n\nWith this series, make_device_exclusive() doesn\u0027t actually belong into\nmm/rmap.c anymore, but I\u0027ll leave moving that for another day.\n\nI only tested this series with the hmm-tests selftests due to lack of HW,\nso I\u0027d appreciate some testing, especially if the interaction between two\nGPUs wanting a device-exclusive entry works as expected.\n\n\u003cprogram\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003cstring.h\u003e\n#include \u003csys/mman.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003clinux/types.h\u003e\n#include \u003clinux/ioctl.h\u003e\n\n#define HMM_DMIRROR_EXCLUSIVE _IOWR(\u0027H\u0027, 0x05, struct hmm_dmirror_cmd)\n\nstruct hmm_dmirror_cmd {\n\t__u64 addr;\n\t__u64 ptr;\n\t__u64 npages;\n\t__u64 cpages;\n\t__u64 faults;\n};\n\nconst size_t size = 1 * 1024 * 1024 * 1024ul;\nconst size_t chunk_size = 2 * 1024 * 1024ul;\n\nint m\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22034",
"url": "https://www.suse.com/security/cve/CVE-2025-22034"
},
{
"category": "external",
"summary": "SUSE Bug 1241435 for CVE-2025-22034",
"url": "https://bugzilla.suse.com/1241435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-22034"
},
{
"cve": "CVE-2025-22077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"smb: client: fix TCP timers deadlock after rmmod\"\n\nThis reverts commit e9f2517a3e18a54a3943c098d2226b245d488801.\n\nCommit e9f2517a3e18 (\"smb: client: fix TCP timers deadlock after\nrmmod\") is intended to fix a null-ptr-deref in LOCKDEP, which is\nmentioned as CVE-2024-54680, but is actually did not fix anything;\nThe issue can be reproduced on top of it. [0]\n\nAlso, it reverted the change by commit ef7134c7fc48 (\"smb: client:\nFix use-after-free of network namespace.\") and introduced a real\nissue by reviving the kernel TCP socket.\n\nWhen a reconnect happens for a CIFS connection, the socket state\ntransitions to FIN_WAIT_1. Then, inet_csk_clear_xmit_timers_sync()\nin tcp_close() stops all timers for the socket.\n\nIf an incoming FIN packet is lost, the socket will stay at FIN_WAIT_1\nforever, and such sockets could be leaked up to net.ipv4.tcp_max_orphans.\n\nUsually, FIN can be retransmitted by the peer, but if the peer aborts\nthe connection, the issue comes into reality.\n\nI warned about this privately by pointing out the exact report [1],\nbut the bogus fix was finally merged.\n\nSo, we should not stop the timers to finally kill the connection on\nour side in that case, meaning we must not use a kernel socket for\nTCP whose sk-\u003esk_net_refcnt is 0.\n\nThe kernel socket does not have a reference to its netns to make it\npossible to tear down netns without cleaning up every resource in it.\n\nFor example, tunnel devices use a UDP socket internally, but we can\ndestroy netns without removing such devices and let it complete\nduring exit. Otherwise, netns would be leaked when the last application\ndied.\n\nHowever, this is problematic for TCP sockets because TCP has timers to\nclose the connection gracefully even after the socket is close()d. The\nlifetime of the socket and its netns is different from the lifetime of\nthe underlying connection.\n\nIf the socket user does not maintain the netns lifetime, the timer could\nbe fired after the socket is close()d and its netns is freed up, resulting\nin use-after-free.\n\nActually, we have seen so many similar issues and converted such sockets\nto have a reference to netns.\n\nThat\u0027s why I converted the CIFS client socket to have a reference to\nnetns (sk-\u003esk_net_refcnt == 1), which is somehow mentioned as out-of-scope\nof CIFS and technically wrong in e9f2517a3e18, but **is in-scope and right\nfix**.\n\nRegarding the LOCKDEP issue, we can prevent the module unload by\nbumping the module refcount when switching the LOCKDDEP key in\nsock_lock_init_class_and_name(). [2]\n\nFor a while, let\u0027s revert the bogus fix.\n\nNote that now we can use sk_net_refcnt_upgrade() for the socket\nconversion, but I\u0027ll do so later separately to make backport easy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22077",
"url": "https://www.suse.com/security/cve/CVE-2025-22077"
},
{
"category": "external",
"summary": "SUSE Bug 1241403 for CVE-2025-22077",
"url": "https://bugzilla.suse.com/1241403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-22077"
},
{
"cve": "CVE-2025-23141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses\n\nAcquire a lock on kvm-\u003esrcu when userspace is getting MP state to handle a\nrather extreme edge case where \"accepting\" APIC events, i.e. processing\npending INIT or SIPI, can trigger accesses to guest memory. If the vCPU\nis in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP\nstate will trigger a nested VM-Exit by way of -\u003echeck_nested_events(), and\nemuating the nested VM-Exit can access guest memory.\n\nThe splat was originally hit by syzkaller on a Google-internal kernel, and\nreproduced on an upstream kernel by hacking the triple_fault_event_test\nselftest to stuff a pending INIT, store an MSR on VM-Exit (to generate a\nmemory access on VMX), and do vcpu_mp_state_get() to trigger the scenario.\n\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3-b112d356288b-vmx/pi_lockdep_false_pos-lock #3 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1058 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by triple_fault_ev/1256:\n #0: ffff88810df5a330 (\u0026vcpu-\u003emutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x8b/0x9a0 [kvm]\n\n stack backtrace:\n CPU: 11 UID: 1000 PID: 1256 Comm: triple_fault_ev Not tainted 6.14.0-rc3-b112d356288b-vmx #3\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7f/0x90\n lockdep_rcu_suspicious+0x144/0x190\n kvm_vcpu_gfn_to_memslot+0x156/0x180 [kvm]\n kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n read_and_check_msr_entry+0x2e/0x180 [kvm_intel]\n __nested_vmx_vmexit+0x550/0xde0 [kvm_intel]\n kvm_check_nested_events+0x1b/0x30 [kvm]\n kvm_apic_accept_events+0x33/0x100 [kvm]\n kvm_arch_vcpu_ioctl_get_mpstate+0x30/0x1d0 [kvm]\n kvm_vcpu_ioctl+0x33e/0x9a0 [kvm]\n __x64_sys_ioctl+0x8b/0xb0\n do_syscall_64+0x6c/0x170\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23141",
"url": "https://www.suse.com/security/cve/CVE-2025-23141"
},
{
"category": "external",
"summary": "SUSE Bug 1242782 for CVE-2025-23141",
"url": "https://bugzilla.suse.com/1242782"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-23141"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-37821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/eevdf: Fix se-\u003eslice being set to U64_MAX and resulting crash\n\nThere is a code path in dequeue_entities() that can set the slice of a\nsched_entity to U64_MAX, which sometimes results in a crash.\n\nThe offending case is when dequeue_entities() is called to dequeue a\ndelayed group entity, and then the entity\u0027s parent\u0027s dequeue is delayed.\nIn that case:\n\n1. In the if (entity_is_task(se)) else block at the beginning of\n dequeue_entities(), slice is set to\n cfs_rq_min_slice(group_cfs_rq(se)). If the entity was delayed, then\n it has no queued tasks, so cfs_rq_min_slice() returns U64_MAX.\n2. The first for_each_sched_entity() loop dequeues the entity.\n3. If the entity was its parent\u0027s only child, then the next iteration\n tries to dequeue the parent.\n4. If the parent\u0027s dequeue needs to be delayed, then it breaks from the\n first for_each_sched_entity() loop _without updating slice_.\n5. The second for_each_sched_entity() loop sets the parent\u0027s -\u003eslice to\n the saved slice, which is still U64_MAX.\n\nThis throws off subsequent calculations with potentially catastrophic\nresults. A manifestation we saw in production was:\n\n6. In update_entity_lag(), se-\u003eslice is used to calculate limit, which\n ends up as a huge negative number.\n7. limit is used in se-\u003evlag = clamp(vlag, -limit, limit). Because limit\n is negative, vlag \u003e limit, so se-\u003evlag is set to the same huge\n negative number.\n8. In place_entity(), se-\u003evlag is scaled, which overflows and results in\n another huge (positive or negative) number.\n9. The adjusted lag is subtracted from se-\u003evruntime, which increases or\n decreases se-\u003evruntime by a huge number.\n10. pick_eevdf() calls entity_eligible()/vruntime_eligible(), which\n incorrectly returns false because the vruntime is so far from the\n other vruntimes on the queue, causing the\n (vruntime - cfs_rq-\u003emin_vruntime) * load calulation to overflow.\n11. Nothing appears to be eligible, so pick_eevdf() returns NULL.\n12. pick_next_entity() tries to dereference the return value of\n pick_eevdf() and crashes.\n\nDumping the cfs_rq states from the core dumps with drgn showed tell-tale\nhuge vruntime ranges and bogus vlag values, and I also traced se-\u003eslice\nbeing set to U64_MAX on live systems (which was usually \"benign\" since\nthe rest of the runqueue needed to be in a particular state to crash).\n\nFix it in dequeue_entities() by always setting slice from the first\nnon-empty cfs_rq.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37821",
"url": "https://www.suse.com/security/cve/CVE-2025-37821"
},
{
"category": "external",
"summary": "SUSE Bug 1242864 for CVE-2025-37821",
"url": "https://bugzilla.suse.com/1242864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-37821"
},
{
"cve": "CVE-2025-37849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Tear down vGIC on failed vCPU creation\n\nIf kvm_arch_vcpu_create() fails to share the vCPU page with the\nhypervisor, we propagate the error back to the ioctl but leave the\nvGIC vCPU data initialised. Note only does this leak the corresponding\nmemory when the vCPU is destroyed but it can also lead to use-after-free\nif the redistributor device handling tries to walk into the vCPU.\n\nAdd the missing cleanup to kvm_arch_vcpu_create(), ensuring that the\nvGIC vCPU structures are destroyed on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37849",
"url": "https://www.suse.com/security/cve/CVE-2025-37849"
},
{
"category": "external",
"summary": "SUSE Bug 1243000 for CVE-2025-37849",
"url": "https://bugzilla.suse.com/1243000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-37849"
},
{
"cve": "CVE-2025-37856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: harden block_group::bg_list against list_del() races\n\nAs far as I can tell, these calls of list_del_init() on bg_list cannot\nrun concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),\nas they are in transaction error paths and situations where the block\ngroup is readonly.\n\nHowever, if there is any chance at all of racing with mark_bg_unused(),\nor a different future user of bg_list, better to be safe than sorry.\n\nOtherwise we risk the following interleaving (bg_list refcount in parens)\n\nT1 (some random op) T2 (btrfs_mark_bg_unused)\n !list_empty(\u0026bg-\u003ebg_list); (1)\nlist_del_init(\u0026bg-\u003ebg_list); (1)\n list_move_tail (1)\nbtrfs_put_block_group (0)\n btrfs_delete_unused_bgs\n bg = list_first_entry\n list_del_init(\u0026bg-\u003ebg_list);\n btrfs_put_block_group(bg); (-1)\n\nUltimately, this results in a broken ref count that hits zero one deref\nearly and the real final deref underflows the refcount, resulting in a WARNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37856",
"url": "https://www.suse.com/security/cve/CVE-2025-37856"
},
{
"category": "external",
"summary": "SUSE Bug 1243068 for CVE-2025-37856",
"url": "https://bugzilla.suse.com/1243068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-37856"
},
{
"cve": "CVE-2025-37861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue\n\nWhen the task management thread processes reply queues while the reset\nthread resets them, the task management thread accesses an invalid queue ID\n(0xFFFF), set by the reset thread, which points to unallocated memory,\ncausing a crash.\n\nAdd flag \u0027io_admin_reset_sync\u0027 to synchronize access between the reset,\nI/O, and admin threads. Before a reset, the reset handler sets this flag to\nblock I/O and admin processing threads. If any thread bypasses the initial\ncheck, the reset thread waits up to 10 seconds for processing to finish. If\nthe wait exceeds 10 seconds, the controller is marked as unrecoverable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37861",
"url": "https://www.suse.com/security/cve/CVE-2025-37861"
},
{
"category": "external",
"summary": "SUSE Bug 1243055 for CVE-2025-37861",
"url": "https://bugzilla.suse.com/1243055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-37861"
},
{
"cve": "CVE-2025-37864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: clean up FDB, MDB, VLAN entries on unbind\n\nAs explained in many places such as commit b117e1e8a86d (\"net: dsa:\ndelete dsa_legacy_fdb_add and dsa_legacy_fdb_del\"), DSA is written given\nthe assumption that higher layers have balanced additions/deletions.\nAs such, it only makes sense to be extremely vocal when those\nassumptions are violated and the driver unbinds with entries still\npresent.\n\nBut Ido Schimmel points out a very simple situation where that is wrong:\nhttps://lore.kernel.org/netdev/ZDazSM5UsPPjQuKr@shredder/\n(also briefly discussed by me in the aforementioned commit).\n\nBasically, while the bridge bypass operations are not something that DSA\nexplicitly documents, and for the majority of DSA drivers this API\nsimply causes them to go to promiscuous mode, that isn\u0027t the case for\nall drivers. Some have the necessary requirements for bridge bypass\noperations to do something useful - see dsa_switch_supports_uc_filtering().\n\nAlthough in tools/testing/selftests/net/forwarding/local_termination.sh,\nwe made an effort to popularize better mechanisms to manage address\nfilters on DSA interfaces from user space - namely macvlan for unicast,\nand setsockopt(IP_ADD_MEMBERSHIP) - through mtools - for multicast, the\nfact is that \u0027bridge fdb add ... self static local\u0027 also exists as\nkernel UAPI, and might be useful to someone, even if only for a quick\nhack.\n\nIt seems counter-productive to block that path by implementing shim\n.ndo_fdb_add and .ndo_fdb_del operations which just return -EOPNOTSUPP\nin order to prevent the ndo_dflt_fdb_add() and ndo_dflt_fdb_del() from\nrunning, although we could do that.\n\nAccepting that cleanup is necessary seems to be the only option.\nEspecially since we appear to be coming back at this from a different\nangle as well. Russell King is noticing that the WARN_ON() triggers even\nfor VLANs:\nhttps://lore.kernel.org/netdev/Z_li8Bj8bD4-BYKQ@shell.armlinux.org.uk/\n\nWhat happens in the bug report above is that dsa_port_do_vlan_del() fails,\nthen the VLAN entry lingers on, and then we warn on unbind and leak it.\n\nThis is not a straight revert of the blamed commit, but we now add an\ninformational print to the kernel log (to still have a way to see\nthat bugs exist), and some extra comments gathered from past years\u0027\nexperience, to justify the logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37864",
"url": "https://www.suse.com/security/cve/CVE-2025-37864"
},
{
"category": "external",
"summary": "SUSE Bug 1242965 for CVE-2025-37864",
"url": "https://bugzilla.suse.com/1242965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-37864"
},
{
"cve": "CVE-2025-38006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Don\u0027t access ifa_index when missing\n\nIn mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but\nonly when the struct ifaddrmsg is provided. Otherwise it will be\ncomparing to uninitialised memory - reproducible in the syzkaller case from\ndhcpd, or busybox \"ip addr show\".\n\nThe kernel MCTP implementation has always filtered by ifa_index, so\nexisting userspace programs expecting to dump MCTP addresses must\nalready be passing a valid ifa_index value (either 0 or a real index).\n\nBUG: KMSAN: uninit-value in mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824\n netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38006",
"url": "https://www.suse.com/security/cve/CVE-2025-38006"
},
{
"category": "external",
"summary": "SUSE Bug 1244930 for CVE-2025-38006",
"url": "https://bugzilla.suse.com/1244930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38006"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices\n\nThe driver only offloads neighbors that are constructed on top of net\ndevices registered by it or their uppers (which are all Ethernet). The\ndevice supports GRE encapsulation and decapsulation of forwarded\ntraffic, but the driver will not offload dummy neighbors constructed on\ntop of GRE net devices as they are not uppers of its net devices:\n\n # ip link add name gre1 up type gre tos inherit local 192.0.2.1 remote 198.51.100.1\n # ip neigh add 0.0.0.0 lladdr 0.0.0.0 nud noarp dev gre1\n $ ip neigh show dev gre1 nud noarp\n 0.0.0.0 lladdr 0.0.0.0 NOARP\n\n(Note that the neighbor is not marked with \u0027offload\u0027)\n\nWhen the driver is reloaded and the existing configuration is replayed,\nthe driver does not perform the same check regarding existing neighbors\nand offloads the previously added one:\n\n # devlink dev reload pci/0000:01:00.0\n $ ip neigh show dev gre1 nud noarp\n 0.0.0.0 lladdr 0.0.0.0 offload NOARP\n\nIf the neighbor is later deleted, the driver will ignore the\nnotification (given the GRE net device is not its upper) and will\ntherefore keep referencing freed memory, resulting in a use-after-free\n[1] when the net device is deleted:\n\n # ip neigh del 0.0.0.0 lladdr 0.0.0.0 dev gre1\n # ip link del dev gre1\n\nFix by skipping neighbor replay if the net device for which the replay\nis performed is not our upper.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_neigh_entry_update+0x1ea/0x200\nRead of size 8 at addr ffff888155b0e420 by task ip/2282\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6f/0xa0\n print_address_description.constprop.0+0x6f/0x350\n print_report+0x108/0x205\n kasan_report+0xdf/0x110\n mlxsw_sp_neigh_entry_update+0x1ea/0x200\n mlxsw_sp_router_rif_gone_sync+0x2a8/0x440\n mlxsw_sp_rif_destroy+0x1e9/0x750\n mlxsw_sp_netdevice_ipip_ol_event+0x3c9/0xdc0\n mlxsw_sp_router_netdevice_event+0x3ac/0x15e0\n notifier_call_chain+0xca/0x150\n call_netdevice_notifiers_info+0x7f/0x100\n unregister_netdevice_many_notify+0xc8c/0x1d90\n rtnl_dellink+0x34e/0xa50\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x131/0x360\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n __sys_sendmsg+0x121/0x1b0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38019",
"url": "https://www.suse.com/security/cve/CVE-2025-38019"
},
{
"category": "external",
"summary": "SUSE Bug 1245000 for CVE-2025-38019",
"url": "https://bugzilla.suse.com/1245000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38019"
},
{
"cve": "CVE-2025-38034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 \u003e /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 \u003c49\u003e 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38034",
"url": "https://www.suse.com/security/cve/CVE-2025-38034"
},
{
"category": "external",
"summary": "SUSE Bug 1244792 for CVE-2025-38034",
"url": "https://bugzilla.suse.com/1244792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38034"
},
{
"cve": "CVE-2025-38038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost\n\nset_boost is a per-policy function call, hence a driver wide lock is\nunnecessary. Also this mutex_acquire can collide with the mutex_acquire\nfrom the mode-switch path in status_store(), which can lead to a\ndeadlock. So, remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38038",
"url": "https://www.suse.com/security/cve/CVE-2025-38038"
},
{
"category": "external",
"summary": "SUSE Bug 1244812 for CVE-2025-38038",
"url": "https://bugzilla.suse.com/1244812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38038"
},
{
"cve": "CVE-2025-38052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n Call Trace:\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n crypto_request_complete include/crypto/algapi.h:266\n aead_request_complete include/crypto/internal/aead.h:85\n cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n crypto_request_complete include/crypto/algapi.h:266\n cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n Allocated by task 8355:\n kzalloc_noprof include/linux/slab.h:778\n tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n ops_init+0xb9/0x650 net/core/net_namespace.c:139\n setup_net+0x435/0xb40 net/core/net_namespace.c:343\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n ksys_unshare+0x419/0x970 kernel/fork.c:3323\n __do_sys_unshare kernel/fork.c:3394\n\n Freed by task 63:\n kfree+0x12a/0x3b0 mm/slub.c:4557\n tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n ip netns add ns1\n ip link add veth1 type veth peer name veth2\n ip link set veth1 netns ns1\n ip netns exec ns1 tipc bearer enable media eth dev veth1\n ip netns exec ns1 tipc node set key this_is_a_master_key master\n ip netns exec ns1 tipc bearer disable media eth dev veth1\n ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n tipc_disc_timeout\n tipc_bearer_xmit_skb\n tipc_crypto_xmit\n tipc_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n simd_aead_encrypt\n // crypto_simd_usable() is false\n child = \u0026ctx-\u003ecryptd_tfm-\u003ebase;\n\n simd_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n cryptd_aead_encrypt_enqueue\n cryptd_aead_enqueue\n cryptd_enqueue_request\n // trigger cryptd_queue_worker\n queue_work_on(smp_processor_id(), cryptd_wq, \u0026cpu_queue-\u003ework)\n\nFix this by holding net reference count before encrypt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38052",
"url": "https://www.suse.com/security/cve/CVE-2025-38052"
},
{
"category": "external",
"summary": "SUSE Bug 1244749 for CVE-2025-38052",
"url": "https://bugzilla.suse.com/1244749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38052"
},
{
"cve": "CVE-2025-38058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn\u0027t see\nthat it\u0027s safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it\u0027ll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it\u0027s nowhere near common enough to bother\nwith.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38058",
"url": "https://www.suse.com/security/cve/CVE-2025-38058"
},
{
"category": "external",
"summary": "SUSE Bug 1245151 for CVE-2025-38058",
"url": "https://bugzilla.suse.com/1245151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38058"
},
{
"cve": "CVE-2025-38062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38062",
"url": "https://www.suse.com/security/cve/CVE-2025-38062"
},
{
"category": "external",
"summary": "SUSE Bug 1245216 for CVE-2025-38062",
"url": "https://bugzilla.suse.com/1245216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38062"
},
{
"cve": "CVE-2025-38075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix timeout on deleted connection\n\nNOPIN response timer may expire on a deleted connection and crash with\nsuch logs:\n\nDid not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d\n\nBUG: Kernel NULL pointer dereference on read at 0x00000000\nNIP strlcpy+0x8/0xb0\nLR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod]\nCall Trace:\n iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod]\n call_timer_fn+0x58/0x1f0\n run_timer_softirq+0x740/0x860\n __do_softirq+0x16c/0x420\n irq_exit+0x188/0x1c0\n timer_interrupt+0x184/0x410\n\nThat is because nopin response timer may be re-started on nopin timer\nexpiration.\n\nStop nopin timer before stopping the nopin response timer to be sure\nthat no one of them will be re-started.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38075",
"url": "https://www.suse.com/security/cve/CVE-2025-38075"
},
{
"category": "external",
"summary": "SUSE Bug 1244734 for CVE-2025-38075",
"url": "https://bugzilla.suse.com/1244734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38075"
},
{
"cve": "CVE-2025-38087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix use-after-free in taprio_dev_notifier\n\nSince taprio\u0027s taprio_dev_notifier() isn\u0027t protected by an\nRCU read-side critical section, a race with advance_sched()\ncan lead to a use-after-free.\n\nAdding rcu_read_lock() inside taprio_dev_notifier() prevents this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38087",
"url": "https://www.suse.com/security/cve/CVE-2025-38087"
},
{
"category": "external",
"summary": "SUSE Bug 1245504 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "external",
"summary": "SUSE Bug 1245505 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38087"
},
{
"cve": "CVE-2025-38088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap\n\nmemtrace mmap issue has an out of bounds issue. This patch fixes the by\nchecking that the requested mapping region size should stay within the\nallocated region size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38088",
"url": "https://www.suse.com/security/cve/CVE-2025-38088"
},
{
"category": "external",
"summary": "SUSE Bug 1245506 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "external",
"summary": "SUSE Bug 1245507 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38088"
},
{
"cve": "CVE-2025-38089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38089",
"url": "https://www.suse.com/security/cve/CVE-2025-38089"
},
{
"category": "external",
"summary": "SUSE Bug 1245508 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "external",
"summary": "SUSE Bug 1245509 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38089"
},
{
"cve": "CVE-2025-38090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\n\nIn\n\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n -\u003e cm_chan_msg_send()\n -\u003e riocm_ch_send()\n\ncm_chan_msg_send() checks that userspace didn\u0027t send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data. The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\n\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38090",
"url": "https://www.suse.com/security/cve/CVE-2025-38090"
},
{
"category": "external",
"summary": "SUSE Bug 1245510 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "external",
"summary": "SUSE Bug 1245511 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38090"
},
{
"cve": "CVE-2025-38091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: check stream id dml21 wrapper to get plane_id\n\n[Why \u0026 How]\nFix a false positive warning which occurs due to lack of correct checks\nwhen querying plane_id in DML21. This fixes the warning when performing a\nmode1 reset (cat /sys/kernel/debug/dri/1/amdgpu_gpu_recover):\n\n[ 35.751250] WARNING: CPU: 11 PID: 326 at /tmp/amd.PHpyAl7v/amd/amdgpu/../display/dc/dml2/dml2_dc_resource_mgmt.c:91 dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751434] Modules linked in: amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) amddrm_buddy(OE) amdxcp(OE) amddrm_exec(OE) amd_sched(OE) amdkcl(OE) drm_suballoc_helper drm_ttm_helper ttm drm_display_helper cec rc_core i2c_algo_bit rfcomm qrtr cmac algif_hash algif_skcipher af_alg bnep amd_atl intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi snd_hda_intel edac_mce_amd snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec kvm_amd snd_hda_core snd_hwdep snd_pcm kvm snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul polyval_clmulni polyval_generic btusb ghash_clmulni_intel sha256_ssse3 btrtl sha1_ssse3 snd_seq btintel aesni_intel btbcm btmtk snd_seq_device crypto_simd sunrpc cryptd bluetooth snd_timer ccp binfmt_misc rapl snd i2c_piix4 wmi_bmof gigabyte_wmi k10temp i2c_smbus soundcore gpio_amdpt mac_hid sch_fq_codel msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_generic usbhid hid crc32_pclmul igc ahci xhci_pci libahci xhci_pci_renesas video wmi\n[ 35.751501] CPU: 11 UID: 0 PID: 326 Comm: kworker/u64:9 Tainted: G OE 6.11.0-21-generic #21~24.04.1-Ubuntu\n[ 35.751504] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[ 35.751505] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F30 05/22/2024\n[ 35.751506] Workqueue: amdgpu-reset-dev amdgpu_debugfs_reset_work [amdgpu]\n[ 35.751638] RIP: 0010:dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751794] Code: 6d 0c 00 00 8b 84 24 88 00 00 00 41 3b 44 9c 20 0f 84 fc 07 00 00 48 83 c3 01 48 83 fb 06 75 b3 4c 8b 64 24 68 4c 8b 6c 24 40 \u003c0f\u003e 0b b8 06 00 00 00 49 8b 94 24 a0 49 00 00 89 c3 83 f8 07 0f 87\n[ 35.751796] RSP: 0018:ffffbfa3805d7680 EFLAGS: 00010246\n[ 35.751798] RAX: 0000000000010000 RBX: 0000000000000006 RCX: 0000000000000000\n[ 35.751799] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000\n[ 35.751800] RBP: ffffbfa3805d78f0 R08: 0000000000000000 R09: 0000000000000000\n[ 35.751801] R10: 0000000000000000 R11: 0000000000000000 R12: ffffbfa383249000\n[ 35.751802] R13: ffffa0e68f280000 R14: ffffbfa383249658 R15: 0000000000000000\n[ 35.751803] FS: 0000000000000000(0000) GS:ffffa0edbe580000(0000) knlGS:0000000000000000\n[ 35.751804] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 35.751805] CR2: 00005d847ef96c58 CR3: 000000041de3e000 CR4: 0000000000f50ef0\n[ 35.751806] PKRU: 55555554\n[ 35.751807] Call Trace:\n[ 35.751810] \u003cTASK\u003e\n[ 35.751816] ? show_regs+0x6c/0x80\n[ 35.751820] ? __warn+0x88/0x140\n[ 35.751822] ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751964] ? report_bug+0x182/0x1b0\n[ 35.751969] ? handle_bug+0x6e/0xb0\n[ 35.751972] ? exc_invalid_op+0x18/0x80\n[ 35.751974] ? asm_exc_invalid_op+0x1b/0x20\n[ 35.751978] ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.752117] ? math_pow+0x48/0xa0 [amdgpu]\n[ 35.752256] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752260] ? math_pow+0x48/0xa0 [amdgpu]\n[ 35.752400] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752403] ? math_pow+0x11/0xa0 [amdgpu]\n[ 35.752524] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752526] ? core_dcn4_mode_programming+0xe4d/0x20d0 [amdgpu]\n[ 35.752663] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752669] dml21_validate+0x3d4/0x980 [amdgpu]\n\n(cherry picked from commit f8ad62c0a93e5dd94243e10f1b742232e4d6411e)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38091",
"url": "https://www.suse.com/security/cve/CVE-2025-38091"
},
{
"category": "external",
"summary": "SUSE Bug 1245621 for CVE-2025-38091",
"url": "https://bugzilla.suse.com/1245621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38091"
},
{
"cve": "CVE-2025-38095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38095",
"url": "https://www.suse.com/security/cve/CVE-2025-38095"
},
{
"category": "external",
"summary": "SUSE Bug 1245658 for CVE-2025-38095",
"url": "https://bugzilla.suse.com/1245658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38095"
},
{
"cve": "CVE-2025-38096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: don\u0027t warn when if there is a FW error\n\niwl_trans_reclaim is warning if it is called when the FW is not alive.\nBut if it is called when there is a pending restart, i.e. after a FW\nerror, there is no need to warn, instead - return silently.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38096",
"url": "https://www.suse.com/security/cve/CVE-2025-38096"
},
{
"category": "external",
"summary": "SUSE Bug 1245657 for CVE-2025-38096",
"url": "https://bugzilla.suse.com/1245657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38096"
},
{
"cve": "CVE-2025-38098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don\u0027t treat wb connector as physical in create_validate_stream_for_sink\n\nDon\u0027t try to operate on a drm_wb_connector as an amdgpu_dm_connector.\nWhile dereferencing aconnector-\u003ebase will \"work\" it\u0027s wrong and\nmight lead to unknown bad things. Just... don\u0027t.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38098",
"url": "https://www.suse.com/security/cve/CVE-2025-38098"
},
{
"category": "external",
"summary": "SUSE Bug 1245654 for CVE-2025-38098",
"url": "https://bugzilla.suse.com/1245654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38098"
},
{
"cve": "CVE-2025-38099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken\n\nA SCO connection without the proper voice_setting can cause\nthe controller to lock up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38099",
"url": "https://www.suse.com/security/cve/CVE-2025-38099"
},
{
"category": "external",
"summary": "SUSE Bug 1245671 for CVE-2025-38099",
"url": "https://bugzilla.suse.com/1245671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38099"
},
{
"cve": "CVE-2025-38101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set()\n\nEnlarge the critical section in ring_buffer_subbuf_order_set() to\nensure that error handling takes place with per-buffer mutex held,\nthus preventing list corruption and other concurrency-related issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38101",
"url": "https://www.suse.com/security/cve/CVE-2025-38101"
},
{
"category": "external",
"summary": "SUSE Bug 1245659 for CVE-2025-38101",
"url": "https://bugzilla.suse.com/1245659"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38101"
},
{
"cve": "CVE-2025-38102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\n\nDuring our test, it is found that a warning can be trigger in try_grab_folio\nas follow:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130\n Modules linked in:\n CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef)\n RIP: 0010:try_grab_folio+0x106/0x130\n Call Trace:\n \u003cTASK\u003e\n follow_huge_pmd+0x240/0x8e0\n follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0\n follow_pud_mask.constprop.0.isra.0+0x14a/0x170\n follow_page_mask+0x1c2/0x1f0\n __get_user_pages+0x176/0x950\n __gup_longterm_locked+0x15b/0x1060\n ? gup_fast+0x120/0x1f0\n gup_fast_fallback+0x17e/0x230\n get_user_pages_fast+0x5f/0x80\n vmci_host_unlocked_ioctl+0x21c/0xf80\n RIP: 0033:0x54d2cd\n ---[ end trace 0000000000000000 ]---\n\nDigging into the source, context-\u003enotify_page may init by get_user_pages_fast\nand can be seen in vmci_ctx_unset_notify which will try to put_page. However\nget_user_pages_fast is not finished here and lead to following\ntry_grab_folio warning. The race condition is shown as follow:\n\ncpu0\t\t\tcpu1\nvmci_host_do_set_notify\nvmci_host_setup_notify\nget_user_pages_fast(uva, 1, FOLL_WRITE, \u0026context-\u003enotify_page);\nlockless_pages_from_mm\ngup_pgd_range\ngup_huge_pmd // update \u0026context-\u003enotify_page\n\t\t\tvmci_host_do_set_notify\n\t\t\tvmci_ctx_unset_notify\n\t\t\tnotify_page = context-\u003enotify_page;\n\t\t\tif (notify_page)\n\t\t\tput_page(notify_page);\t// page is freed\n__gup_longterm_locked\n__get_user_pages\nfollow_trans_huge_pmd\ntry_grab_folio // warn here\n\nTo slove this, use local variable page to make notify_page can be seen\nafter finish get_user_pages_fast.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38102",
"url": "https://www.suse.com/security/cve/CVE-2025-38102"
},
{
"category": "external",
"summary": "SUSE Bug 1245669 for CVE-2025-38102",
"url": "https://bugzilla.suse.com/1245669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38102"
},
{
"cve": "CVE-2025-38103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\n\nUpdate struct hid_descriptor to better reflect the mandatory and\noptional parts of the HID Descriptor as per USB HID 1.11 specification.\nNote: the kernel currently does not parse any optional HID class\ndescriptors, only the mandatory report descriptor.\n\nUpdate all references to member element desc[0] to rpt_desc.\n\nAdd test to verify bLength and bNumDescriptors values are valid.\n\nReplace the for loop with direct access to the mandatory HID class\ndescriptor member for the report descriptor. This eliminates the\npossibility of getting an out-of-bounds fault.\n\nAdd a warning message if the HID descriptor contains any unsupported\noptional HID class descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38103",
"url": "https://www.suse.com/security/cve/CVE-2025-38103"
},
{
"category": "external",
"summary": "SUSE Bug 1245663 for CVE-2025-38103",
"url": "https://bugzilla.suse.com/1245663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38103"
},
{
"cve": "CVE-2025-38106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix use-after-free of sq-\u003ethread in __io_uring_show_fdinfo()\n\nsyzbot reports:\n\nBUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60\nRead of size 8 at addr ffff88810de2d2c8 by task a.out/304\n\nCPU: 0 UID: 0 PID: 304 Comm: a.out Not tainted 6.16.0-rc1 #1 PREEMPT(voluntary)\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xd0/0x670\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? getrusage+0x1109/0x1a60\n kasan_report+0xce/0x100\n ? getrusage+0x1109/0x1a60\n getrusage+0x1109/0x1a60\n ? __pfx_getrusage+0x10/0x10\n __io_uring_show_fdinfo+0x9fe/0x1790\n ? ksys_read+0xf7/0x1c0\n ? do_syscall_64+0xa4/0x260\n ? vsnprintf+0x591/0x1100\n ? __pfx___io_uring_show_fdinfo+0x10/0x10\n ? __pfx_vsnprintf+0x10/0x10\n ? mutex_trylock+0xcf/0x130\n ? __pfx_mutex_trylock+0x10/0x10\n ? __pfx_show_fd_locks+0x10/0x10\n ? io_uring_show_fdinfo+0x57/0x80\n io_uring_show_fdinfo+0x57/0x80\n seq_show+0x38c/0x690\n seq_read_iter+0x3f7/0x1180\n ? inode_set_ctime_current+0x160/0x4b0\n seq_read+0x271/0x3e0\n ? __pfx_seq_read+0x10/0x10\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __mark_inode_dirty+0x402/0x810\n ? selinux_file_permission+0x368/0x500\n ? file_update_time+0x10f/0x160\n vfs_read+0x177/0xa40\n ? __pfx___handle_mm_fault+0x10/0x10\n ? __pfx_vfs_read+0x10/0x10\n ? mutex_lock+0x81/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n ? fdget_pos+0x24d/0x4b0\n ksys_read+0xf7/0x1c0\n ? __pfx_ksys_read+0x10/0x10\n ? do_user_addr_fault+0x43b/0x9c0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f0f74170fc9\nCode: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 8\nRSP: 002b:00007fffece049e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0f74170fc9\nRDX: 0000000000001000 RSI: 00007fffece049f0 RDI: 0000000000000004\nRBP: 00007fffece05ad0 R08: 0000000000000000 R09: 00007fffece04d90\nR10: 0000000000000000 R11: 0000000000000206 R12: 00005651720a1100\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 298:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_node_noprof+0xe8/0x330\n copy_process+0x376/0x5e00\n create_io_thread+0xab/0xf0\n io_sq_offload_create+0x9ed/0xf20\n io_uring_setup+0x12b0/0x1cc0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 22:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0xc4/0x360\n rcu_core+0x5ff/0x19f0\n handle_softirqs+0x18c/0x530\n run_ksoftirqd+0x20/0x30\n smpboot_thread_fn+0x287/0x6c0\n kthread+0x30d/0x630\n ret_from_fork+0xef/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n kasan_record_aux_stack+0x8c/0xa0\n __call_rcu_common.constprop.0+0x68/0x940\n __schedule+0xff2/0x2930\n __cond_resched+0x4c/0x80\n mutex_lock+0x5c/0xe0\n io_uring_del_tctx_node+0xe1/0x2b0\n io_uring_clean_tctx+0xb7/0x160\n io_uring_cancel_generic+0x34e/0x760\n do_exit+0x240/0x2350\n do_group_exit+0xab/0x220\n __x64_sys_exit_group+0x39/0x40\n x64_sys_call+0x1243/0x1840\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe buggy address belongs to the object at ffff88810de2cb00\n which belongs to the cache task_struct of size 3712\nThe buggy address is located 1992 bytes inside of\n freed 3712-byte region [ffff88810de2cb00, ffff88810de2d980)\n\nwhich is caused by the task_struct pointed to by sq-\u003ethread being\nreleased while it is being used in the function\n__io_uring_show_fdinfo(). Holding ctx-\u003euring_lock does not prevent ehre\nrelase or exit of sq-\u003ethread.\n\nFix this by assigning and looking up -\u003ethread under RCU, and grabbing a\nreference to the task_struct. This e\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38106",
"url": "https://www.suse.com/security/cve/CVE-2025-38106"
},
{
"category": "external",
"summary": "SUSE Bug 1245664 for CVE-2025-38106",
"url": "https://bugzilla.suse.com/1245664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38106"
},
{
"cve": "CVE-2025-38107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38107",
"url": "https://www.suse.com/security/cve/CVE-2025-38107"
},
{
"category": "external",
"summary": "SUSE Bug 1245676 for CVE-2025-38107",
"url": "https://bugzilla.suse.com/1245676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38107"
},
{
"cve": "CVE-2025-38108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: red: fix a race in __red_change()\n\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38108",
"url": "https://www.suse.com/security/cve/CVE-2025-38108"
},
{
"category": "external",
"summary": "SUSE Bug 1245675 for CVE-2025-38108",
"url": "https://bugzilla.suse.com/1245675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38108"
},
{
"cve": "CVE-2025-38109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38109",
"url": "https://www.suse.com/security/cve/CVE-2025-38109"
},
{
"category": "external",
"summary": "SUSE Bug 1245684 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "external",
"summary": "SUSE Bug 1245685 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38109"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via mdiobus, there is no verification of\nparameters passed to the ioctl and it accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38111",
"url": "https://www.suse.com/security/cve/CVE-2025-38111"
},
{
"category": "external",
"summary": "SUSE Bug 1245666 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "external",
"summary": "SUSE Bug 1249455 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1249455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38111"
},
{
"cve": "CVE-2025-38112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix TOCTOU issue in sk_is_readable()\n\nsk-\u003esk_prot-\u003esock_is_readable is a valid function pointer when sk resides\nin a sockmap. After the last sk_psock_put() (which usually happens when\nsocket is removed from sockmap), sk-\u003esk_prot gets restored and\nsk-\u003esk_prot-\u003esock_is_readable becomes NULL.\n\nThis makes sk_is_readable() racy, if the value of sk-\u003esk_prot is reloaded\nafter the initial check. Which in turn may lead to a null pointer\ndereference.\n\nEnsure the function pointer does not turn NULL after the check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38112",
"url": "https://www.suse.com/security/cve/CVE-2025-38112"
},
{
"category": "external",
"summary": "SUSE Bug 1245668 for CVE-2025-38112",
"url": "https://bugzilla.suse.com/1245668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38112"
},
{
"cve": "CVE-2025-38113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Fix NULL pointer dereference when nosmp is used\n\nWith nosmp in cmdline, other CPUs are not brought up, leaving\ntheir cpc_desc_ptr NULL. CPU0\u0027s iteration via for_each_possible_cpu()\ndereferences these NULL pointers, causing panic.\n\nPanic backtrace:\n\n[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8\n...\n[ 0.403255] [\u003cffffffff809a5818\u003e] cppc_allow_fast_switch+0x6a/0xd4\n...\nKernel panic - not syncing: Attempted to kill init!\n\n[ rjw: New subject ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38113",
"url": "https://www.suse.com/security/cve/CVE-2025-38113"
},
{
"category": "external",
"summary": "SUSE Bug 1245683 for CVE-2025-38113",
"url": "https://bugzilla.suse.com/1245683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38113"
},
{
"cve": "CVE-2025-38114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000: Move cancel_work_sync to avoid deadlock\n\nPreviously, e1000_down called cancel_work_sync for the e1000 reset task\n(via e1000_down_and_stop), which takes RTNL.\n\nAs reported by users and syzbot, a deadlock is possible in the following\nscenario:\n\nCPU 0:\n - RTNL is held\n - e1000_close\n - e1000_down\n - cancel_work_sync (cancel / wait for e1000_reset_task())\n\nCPU 1:\n - process_one_work\n - e1000_reset_task\n - take RTNL\n\nTo remedy this, avoid calling cancel_work_sync from e1000_down\n(e1000_reset_task does nothing if the device is down anyway). Instead,\ncall cancel_work_sync for e1000_reset_task when the device is being\nremoved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38114",
"url": "https://www.suse.com/security/cve/CVE-2025-38114"
},
{
"category": "external",
"summary": "SUSE Bug 1245686 for CVE-2025-38114",
"url": "https://bugzilla.suse.com/1245686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38114"
},
{
"cve": "CVE-2025-38117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38117",
"url": "https://www.suse.com/security/cve/CVE-2025-38117"
},
{
"category": "external",
"summary": "SUSE Bug 1245695 for CVE-2025-38117",
"url": "https://bugzilla.suse.com/1245695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38117"
},
{
"cve": "CVE-2025-38118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete\n\nThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to\navoid crashes like bellow:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\nRead of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341\n\nCPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\n hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 5987:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252\n mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279\n remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x548/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5989:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2380 [inline]\n slab_free mm/slub.c:4642 [inline]\n kfree+0x18e/0x440 mm/slub.c:4841\n mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242\n mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314\n __sys_bind_socket net/socket.c:1810 [inline]\n __sys_bind+0x2c3/0x3e0 net/socket.c:1841\n __do_sys_bind net/socket.c:1846 [inline]\n __se_sys_bind net/socket.c:1844 [inline]\n __x64_sys_bind+0x7a/0x90 net/socket.c:1844\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38118",
"url": "https://www.suse.com/security/cve/CVE-2025-38118"
},
{
"category": "external",
"summary": "SUSE Bug 1245670 for CVE-2025-38118",
"url": "https://bugzilla.suse.com/1245670"
},
{
"category": "external",
"summary": "SUSE Bug 1250826 for CVE-2025-38118",
"url": "https://bugzilla.suse.com/1250826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38118"
},
{
"cve": "CVE-2025-38119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38119"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: ufs: Fix a hang in the error handler\n\nufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter\nfunction can only succeed if UFSHCD_EH_IN_PROGRESS is not set because\nresuming involves submitting a SCSI command and ufshcd_queuecommand()\nreturns SCSI_MLQUEUE_HOST_BUSY if UFSHCD_EH_IN_PROGRESS is set. Fix this\nhang by setting UFSHCD_EH_IN_PROGRESS after ufshcd_rpm_get_sync() has\nbeen called instead of before.\n\nBacktrace:\n__switch_to+0x174/0x338\n__schedule+0x600/0x9e4\nschedule+0x7c/0xe8\nschedule_timeout+0xa4/0x1c8\nio_schedule_timeout+0x48/0x70\nwait_for_common_io+0xa8/0x160 //waiting on START_STOP\nwait_for_completion_io_timeout+0x10/0x20\nblk_execute_rq+0xe4/0x1e4\nscsi_execute_cmd+0x108/0x244\nufshcd_set_dev_pwr_mode+0xe8/0x250\n__ufshcd_wl_resume+0x94/0x354\nufshcd_wl_runtime_resume+0x3c/0x174\nscsi_runtime_resume+0x64/0xa4\nrpm_resume+0x15c/0xa1c\n__pm_runtime_resume+0x4c/0x90 // Runtime resume ongoing\nufshcd_err_handler+0x1a0/0xd08\nprocess_one_work+0x174/0x808\nworker_thread+0x15c/0x490\nkthread+0xf4/0x1ec\nret_from_fork+0x10/0x20\n\n[ bvanassche: rewrote patch description ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38119",
"url": "https://www.suse.com/security/cve/CVE-2025-38119"
},
{
"category": "external",
"summary": "SUSE Bug 1245700 for CVE-2025-38119",
"url": "https://bugzilla.suse.com/1245700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38119"
},
{
"cve": "CVE-2025-38120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo_avx2: fix initial map fill\n\nIf the first field doesn\u0027t cover the entire start map, then we must zero\nout the remainder, else we leak those bits into the next match round map.\n\nThe early fix was incomplete and did only fix up the generic C\nimplementation.\n\nA followup patch adds a test case to nft_concat_range.sh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38120",
"url": "https://www.suse.com/security/cve/CVE-2025-38120"
},
{
"category": "external",
"summary": "SUSE Bug 1245711 for CVE-2025-38120",
"url": "https://bugzilla.suse.com/1245711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38120"
},
{
"cve": "CVE-2025-38122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38122",
"url": "https://www.suse.com/security/cve/CVE-2025-38122"
},
{
"category": "external",
"summary": "SUSE Bug 1245746 for CVE-2025-38122",
"url": "https://bugzilla.suse.com/1245746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38122"
},
{
"cve": "CVE-2025-38123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix napi rx poll issue\n\nWhen driver handles the napi rx polling requests, the netdev might\nhave been released by the dellink logic triggered by the disconnect\noperation on user plane. However, in the logic of processing skb in\npolling, an invalid netdev is still being used, which causes a panic.\n\nBUG: kernel NULL pointer dereference, address: 00000000000000f1\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:dev_gro_receive+0x3a/0x620\n[...]\nCall Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)]\n ? dev_gro_receive+0x3a/0x620\n napi_gro_receive+0xad/0x170\n t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)]\n t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)]\n net_rx_action+0x103/0x470\n irq_exit_rcu+0x13a/0x310\n sysvec_apic_timer_interrupt+0x56/0x90\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38123",
"url": "https://www.suse.com/security/cve/CVE-2025-38123"
},
{
"category": "external",
"summary": "SUSE Bug 1245688 for CVE-2025-38123",
"url": "https://bugzilla.suse.com/1245688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38123"
},
{
"cve": "CVE-2025-38124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix udp gso skb_segment after pull from frag_list\n\nCommit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after\npull from frag_list\") detected invalid geometry in frag_list skbs and\nredirects them from skb_segment_list to more robust skb_segment. But some\npackets with modified geometry can also hit bugs in that code. We don\u0027t\nknow how many such cases exist. Addressing each one by one also requires\ntouching the complex skb_segment code, which risks introducing bugs for\nother types of skbs. Instead, linearize all these packets that fail the\nbasic invariants on gso fraglist skbs. That is more robust.\n\nIf only part of the fraglist payload is pulled into head_skb, it will\nalways cause exception when splitting skbs by skb_segment. For detailed\ncall stack information, see below.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify fraglist skbs, breaking these invariants.\n\nIn extreme cases they pull one part of data into skb linear. For UDP,\nthis causes three payloads with lengths of (11,11,10) bytes were\npulled tail to become (12,10,10) bytes.\n\nThe skbs no longer meets the above SKB_GSO_FRAGLIST conditions because\npayload was pulled into head_skb, it needs to be linearized before pass\nto regular skb_segment.\n\n skb_segment+0xcd0/0xd14\n __udp_gso_segment+0x334/0x5f4\n udp4_ufo_fragment+0x118/0x15c\n inet_gso_segment+0x164/0x338\n skb_mac_gso_segment+0xc4/0x13c\n __skb_gso_segment+0xc4/0x124\n validate_xmit_skb+0x9c/0x2c0\n validate_xmit_skb_list+0x4c/0x80\n sch_direct_xmit+0x70/0x404\n __dev_queue_xmit+0x64c/0xe5c\n neigh_resolve_output+0x178/0x1c4\n ip_finish_output2+0x37c/0x47c\n __ip_finish_output+0x194/0x240\n ip_finish_output+0x20/0xf4\n ip_output+0x100/0x1a0\n NF_HOOK+0xc4/0x16c\n ip_forward+0x314/0x32c\n ip_rcv+0x90/0x118\n __netif_receive_skb+0x74/0x124\n process_backlog+0xe8/0x1a4\n __napi_poll+0x5c/0x1f8\n net_rx_action+0x154/0x314\n handle_softirqs+0x154/0x4b8\n\n [118.376811] [C201134] rxq0_pus: [name:bug\u0026]kernel BUG at net/core/skbuff.c:4278!\n [118.376829] [C201134] rxq0_pus: [name:traps\u0026]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n [118.470774] [C201134] rxq0_pus: [name:mrdump\u0026]Kernel Offset: 0x178cc00000 from 0xffffffc008000000\n [118.470810] [C201134] rxq0_pus: [name:mrdump\u0026]PHYS_OFFSET: 0x40000000\n [118.470827] [C201134] rxq0_pus: [name:mrdump\u0026]pstate: 60400005 (nZCv daif +PAN -UAO)\n [118.470848] [C201134] rxq0_pus: [name:mrdump\u0026]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14\n [118.470900] [C201134] rxq0_pus: [name:mrdump\u0026]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14\n [118.470928] [C201134] rxq0_pus: [name:mrdump\u0026]sp : ffffffc008013770",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38124",
"url": "https://www.suse.com/security/cve/CVE-2025-38124"
},
{
"category": "external",
"summary": "SUSE Bug 1245690 for CVE-2025-38124",
"url": "https://bugzilla.suse.com/1245690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38124"
},
{
"cve": "CVE-2025-38125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring EST\n\nIf the ptp_rate recorded earlier in the driver happens to be 0, this\nbogus value will propagate up to EST configuration, where it will\ntrigger a division by 0.\n\nPrevent this division by 0 by adding the corresponding check and error\ncode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38125",
"url": "https://www.suse.com/security/cve/CVE-2025-38125"
},
{
"category": "external",
"summary": "SUSE Bug 1245710 for CVE-2025-38125",
"url": "https://bugzilla.suse.com/1245710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38125"
},
{
"cve": "CVE-2025-38127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Tx scheduler error handling in XDP callback\n\nWhen the XDP program is loaded, the XDP callback adds new Tx queues.\nThis means that the callback must update the Tx scheduler with the new\nqueue number. In the event of a Tx scheduler failure, the XDP callback\nshould also fail and roll back any changes previously made for XDP\npreparation.\n\nThe previous implementation had a bug that not all changes made by the\nXDP callback were rolled back. This caused the crash with the following\ncall trace:\n\n[ +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5\n[ +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI\n[ +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary)\n[ +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[ +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice]\n\n[...]\n\n[ +0.002715] Call Trace:\n[ +0.002452] \u003cIRQ\u003e\n[ +0.002021] ? __die_body.cold+0x19/0x29\n[ +0.003922] ? die_addr+0x3c/0x60\n[ +0.003319] ? exc_general_protection+0x17c/0x400\n[ +0.004707] ? asm_exc_general_protection+0x26/0x30\n[ +0.004879] ? __ice_update_sample+0x39/0xe0 [ice]\n[ +0.004835] ice_napi_poll+0x665/0x680 [ice]\n[ +0.004320] __napi_poll+0x28/0x190\n[ +0.003500] net_rx_action+0x198/0x360\n[ +0.003752] ? update_rq_clock+0x39/0x220\n[ +0.004013] handle_softirqs+0xf1/0x340\n[ +0.003840] ? sched_clock_cpu+0xf/0x1f0\n[ +0.003925] __irq_exit_rcu+0xc2/0xe0\n[ +0.003665] common_interrupt+0x85/0xa0\n[ +0.003839] \u003c/IRQ\u003e\n[ +0.002098] \u003cTASK\u003e\n[ +0.002106] asm_common_interrupt+0x26/0x40\n[ +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690\n\nFix this by performing the missing unmapping of XDP queues from\nq_vectors and setting the XDP rings pointer back to NULL after all those\nqueues are released.\nAlso, add an immediate exit from the XDP callback in case of ring\npreparation failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38127",
"url": "https://www.suse.com/security/cve/CVE-2025-38127"
},
{
"category": "external",
"summary": "SUSE Bug 1245705 for CVE-2025-38127",
"url": "https://bugzilla.suse.com/1245705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38127"
},
{
"cve": "CVE-2025-38128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38128"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: reject malformed HCI_CMD_SYNC commands\n\nIn \u0027mgmt_hci_cmd_sync()\u0027, check whether the size of parameters passed\nin \u0027struct mgmt_cp_hci_cmd_sync\u0027 matches the total size of the data\n(i.e. \u0027sizeof(struct mgmt_cp_hci_cmd_sync)\u0027 plus trailing bytes).\nOtherwise, large invalid \u0027params_len\u0027 will cause \u0027hci_cmd_sync_alloc()\u0027\nto do \u0027skb_put_data()\u0027 from an area beyond the one actually passed to\n\u0027mgmt_hci_cmd_sync()\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38128",
"url": "https://www.suse.com/security/cve/CVE-2025-38128"
},
{
"category": "external",
"summary": "SUSE Bug 1245703 for CVE-2025-38128",
"url": "https://bugzilla.suse.com/1245703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38128"
},
{
"cve": "CVE-2025-38129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(\u0026r-\u003eproducer_lock);\n WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38129",
"url": "https://www.suse.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "SUSE Bug 1245723 for CVE-2025-38129",
"url": "https://bugzilla.suse.com/1245723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38129"
},
{
"cve": "CVE-2025-38134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink()\n\nAs demonstrated by the fix for update_port_device_state,\ncommit 12783c0b9e2c (\"usb: core: Prevent null pointer dereference in update_port_device_state\"),\nusb_hub_to_struct_hub() can return NULL in certain scenarios,\nsuch as during hub driver unbind or teardown race conditions,\neven if the underlying usb_device structure exists.\n\nPlus, all other places that call usb_hub_to_struct_hub() in the same file\ndo check for NULL return values.\n\nIf usb_hub_to_struct_hub() returns NULL, the subsequent access to\nhub-\u003eports[udev-\u003eportnum - 1] will cause a null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38134",
"url": "https://www.suse.com/security/cve/CVE-2025-38134"
},
{
"category": "external",
"summary": "SUSE Bug 1245678 for CVE-2025-38134",
"url": "https://bugzilla.suse.com/1245678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38134"
},
{
"cve": "CVE-2025-38135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\n\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38135",
"url": "https://www.suse.com/security/cve/CVE-2025-38135"
},
{
"category": "external",
"summary": "SUSE Bug 1246023 for CVE-2025-38135",
"url": "https://bugzilla.suse.com/1246023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38135"
},
{
"cve": "CVE-2025-38136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Reorder clock handling and power management in probe\n\nReorder the initialization sequence in `usbhs_probe()` to enable runtime\nPM before accessing registers, preventing potential crashes due to\nuninitialized clocks.\n\nCurrently, in the probe path, registers are accessed before enabling the\nclocks, leading to a synchronous external abort on the RZ/V2H SoC.\nThe problematic call flow is as follows:\n\n usbhs_probe()\n usbhs_sys_clock_ctrl()\n usbhs_bset()\n usbhs_write()\n iowrite16() \u003c-- Register access before enabling clocks\n\nSince `iowrite16()` is performed without ensuring the required clocks are\nenabled, this can lead to access errors. To fix this, enable PM runtime\nearly in the probe function and ensure clocks are acquired before register\naccess, preventing crashes like the following on RZ/V2H:\n\n[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\n[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6\n[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98\n[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)\n[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]\n[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]\n[13.321138] sp : ffff8000827e3850\n[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0\n[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025\n[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010\n[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff\n[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce\n[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 0000000000000000\n[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750\n[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c\n[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000\n[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080\n[13.395574] Call trace:\n[13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P)\n[13.403076] platform_probe+0x68/0xdc\n[13.406738] really_probe+0xbc/0x2c0\n[13.410306] __driver_probe_device+0x78/0x120\n[13.414653] driver_probe_device+0x3c/0x154\n[13.418825] __driver_attach+0x90/0x1a0\n[13.422647] bus_for_each_dev+0x7c/0xe0\n[13.426470] driver_attach+0x24/0x30\n[13.430032] bus_add_driver+0xe4/0x208\n[13.433766] driver_register+0x68/0x130\n[13.437587] __platform_driver_register+0x24/0x30\n[13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]\n[13.448450] do_one_initcall+0x60/0x1d4\n[13.452276] do_init_module+0x54/0x1f8\n[13.456014] load_module+0x1754/0x1c98\n[13.459750] init_module_from_file+0x88/0xcc\n[13.464004] __arm64_sys_finit_module+0x1c4/0x328\n[13.468689] invoke_syscall+0x48/0x104\n[13.472426] el0_svc_common.constprop.0+0xc0/0xe0\n[13.477113] do_el0_svc+0x1c/0x28\n[13.480415] el0_svc+0x30/0xcc\n[13.483460] el0t_64_sync_handler+0x10c/0x138\n[13.487800] el0t_64_sync+0x198/0x19c\n[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)\n[13.497522] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38136",
"url": "https://www.suse.com/security/cve/CVE-2025-38136"
},
{
"category": "external",
"summary": "SUSE Bug 1245691 for CVE-2025-38136",
"url": "https://bugzilla.suse.com/1245691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38136"
},
{
"cve": "CVE-2025-38137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38137"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/pwrctrl: Cancel outstanding rescan work when unregistering\n\nIt\u0027s possible to trigger use-after-free here by:\n\n (a) forcing rescan_work_func() to take a long time and\n (b) utilizing a pwrctrl driver that may be unloaded for some reason\n\nCancel outstanding work to ensure it is finished before we allow our data\nstructures to be cleaned up.\n\n[bhelgaas: tidy commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38137",
"url": "https://www.suse.com/security/cve/CVE-2025-38137"
},
{
"category": "external",
"summary": "SUSE Bug 1245721 for CVE-2025-38137",
"url": "https://bugzilla.suse.com/1245721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38137"
},
{
"cve": "CVE-2025-38138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Add NULL check in udma_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nudma_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38138",
"url": "https://www.suse.com/security/cve/CVE-2025-38138"
},
{
"category": "external",
"summary": "SUSE Bug 1245719 for CVE-2025-38138",
"url": "https://bugzilla.suse.com/1245719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38138"
},
{
"cve": "CVE-2025-38140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: limit swapping tables for devices with zone write plugs\n\ndm_revalidate_zones() only allowed new or previously unzoned devices to\ncall blk_revalidate_disk_zones(). If the device was already zoned,\ndisk-\u003enr_zones would always equal md-\u003enr_zones, so dm_revalidate_zones()\nreturned without doing any work. This would make the zoned settings for\nthe device not match the new table. If the device had zone write plug\nresources, it could run into errors like bdev_zone_is_seq() reading\ninvalid memory because disk-\u003econv_zones_bitmap was the wrong size.\n\nIf the device doesn\u0027t have any zone write plug resources, calling\nblk_revalidate_disk_zones() will always correctly update device. If\nblk_revalidate_disk_zones() fails, it can still overwrite or clear the\ncurrent disk-\u003enr_zones value. In this case, DM must restore the previous\nvalue of disk-\u003enr_zones, so that the zoned settings will continue to\nmatch the previous value that it fell back to.\n\nIf the device already has zone write plug resources,\nblk_revalidate_disk_zones() will not correctly update them, if it is\ncalled for arbitrary zoned device changes. Since there is not much need\nfor this ability, the easiest solution is to disallow any table reloads\nthat change the zoned settings, for devices that already have zone plug\nresources. Specifically, if a device already has zone plug resources\nallocated, it can only switch to another zoned table that also emulates\nzone append. Also, it cannot change the device size or the zone size. A\ndevice can switch to an error target.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38140",
"url": "https://www.suse.com/security/cve/CVE-2025-38140"
},
{
"category": "external",
"summary": "SUSE Bug 1245717 for CVE-2025-38140",
"url": "https://bugzilla.suse.com/1245717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38140"
},
{
"cve": "CVE-2025-38141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix dm_blk_report_zones\n\nIf dm_get_live_table() returned NULL, dm_put_live_table() was never\ncalled. Also, it is possible that md-\u003ezone_revalidate_map will change\nwhile calling this function. Only read it once, so that we are always\nusing the same value. Otherwise we might miss a call to\ndm_put_live_table().\n\nFinally, while md-\u003ezone_revalidate_map is set and a process is calling\nblk_revalidate_disk_zones() to set up the zone append emulation\nresources, it is possible that another process, perhaps triggered by\nblkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If\nblk_revalidate_disk_zones() fails, these resources can be freed while\nthe other process is still using them, causing a use-after-free error.\n\nblk_revalidate_disk_zones() will only ever be called when initially\nsetting up the zone append emulation resources, such as when setting up\na zoned dm-crypt table for the first time. Further table swaps will not\nset md-\u003ezone_revalidate_map or call blk_revalidate_disk_zones().\nHowever it must be called using the new table (referenced by\nmd-\u003ezone_revalidate_map) and the new queue limits while the DM device is\nsuspended. dm_blk_report_zones() needs some way to distinguish between a\ncall from blk_revalidate_disk_zones(), which must be allowed to use\nmd-\u003ezone_revalidate_map to access this not yet activated table, and all\nother calls to dm_blk_report_zones(), which should not be allowed while\nthe device is suspended and cannot use md-\u003ezone_revalidate_map, since\nthe zone resources might be freed by the process currently calling\nblk_revalidate_disk_zones().\n\nSolve this by tracking the process that sets md-\u003ezone_revalidate_map in\ndm_revalidate_zones() and only allowing that process to make use of it\nin dm_blk_report_zones().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38141",
"url": "https://www.suse.com/security/cve/CVE-2025-38141"
},
{
"category": "external",
"summary": "SUSE Bug 1245715 for CVE-2025-38141",
"url": "https://bugzilla.suse.com/1245715"
},
{
"category": "external",
"summary": "SUSE Bug 1245716 for CVE-2025-38141",
"url": "https://bugzilla.suse.com/1245716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38141"
},
{
"cve": "CVE-2025-38142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) check sensor index in read_string()\n\nPrevent a potential invalid memory access when the requested sensor\nis not found.\n\nfind_ec_sensor_index() may return a negative value (e.g. -ENOENT),\nbut its result was used without checking, which could lead to\nundefined behavior when passed to get_sensor_info().\n\nAdd a proper check to return -EINVAL if sensor_index is negative.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[groeck: Return error code returned from find_ec_sensor_index]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38142",
"url": "https://www.suse.com/security/cve/CVE-2025-38142"
},
{
"category": "external",
"summary": "SUSE Bug 1245713 for CVE-2025-38142",
"url": "https://bugzilla.suse.com/1245713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38142"
},
{
"cve": "CVE-2025-38143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: pm8941: Add NULL check in wled_configure()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nwled_configure() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38143",
"url": "https://www.suse.com/security/cve/CVE-2025-38143"
},
{
"category": "external",
"summary": "SUSE Bug 1245714 for CVE-2025-38143",
"url": "https://bugzilla.suse.com/1245714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38143"
},
{
"cve": "CVE-2025-38145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\naspeed_lpc_enable_snoop() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.\n\n[arj: Fix Fixes: tag to use subject from 3772e5da4454]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38145",
"url": "https://www.suse.com/security/cve/CVE-2025-38145"
},
{
"category": "external",
"summary": "SUSE Bug 1245765 for CVE-2025-38145",
"url": "https://bugzilla.suse.com/1245765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38145"
},
{
"cve": "CVE-2025-38146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38146"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix the dead loop of MPLS parse\n\nThe unexpected MPLS packet may not end with the bottom label stack.\nWhen there are many stacks, The label count value has wrapped around.\nA dead loop occurs, soft lockup/CPU stuck finally.\n\nstack backtrace:\nUBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26\nindex -1 is out of range for type \u0027__be32 [3]\u0027\nCPU: 34 PID: 0 Comm: swapper/34 Kdump: loaded Tainted: G OE 5.15.0-121-generic #131-Ubuntu\nHardware name: Dell Inc. PowerEdge C6420/0JP9TF, BIOS 2.12.2 07/14/2021\nCall Trace:\n \u003cIRQ\u003e\n show_stack+0x52/0x5c\n dump_stack_lvl+0x4a/0x63\n dump_stack+0x10/0x16\n ubsan_epilogue+0x9/0x36\n __ubsan_handle_out_of_bounds.cold+0x44/0x49\n key_extract_l3l4+0x82a/0x840 [openvswitch]\n ? kfree_skbmem+0x52/0xa0\n key_extract+0x9c/0x2b0 [openvswitch]\n ovs_flow_key_extract+0x124/0x350 [openvswitch]\n ovs_vport_receive+0x61/0xd0 [openvswitch]\n ? kernel_init_free_pages.part.0+0x4a/0x70\n ? get_page_from_freelist+0x353/0x540\n netdev_port_receive+0xc4/0x180 [openvswitch]\n ? netdev_port_receive+0x180/0x180 [openvswitch]\n netdev_frame_hook+0x1f/0x40 [openvswitch]\n __netif_receive_skb_core.constprop.0+0x23a/0xf00\n __netif_receive_skb_list_core+0xfa/0x240\n netif_receive_skb_list_internal+0x18e/0x2a0\n napi_complete_done+0x7a/0x1c0\n bnxt_poll+0x155/0x1c0 [bnxt_en]\n __napi_poll+0x30/0x180\n net_rx_action+0x126/0x280\n ? bnxt_msix+0x67/0x80 [bnxt_en]\n handle_softirqs+0xda/0x2d0\n irq_exit_rcu+0x96/0xc0\n common_interrupt+0x8e/0xa0\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38146",
"url": "https://www.suse.com/security/cve/CVE-2025-38146"
},
{
"category": "external",
"summary": "SUSE Bug 1245767 for CVE-2025-38146",
"url": "https://bugzilla.suse.com/1245767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38146"
},
{
"cve": "CVE-2025-38148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: mscc: Fix memory leak when using one step timestamping\n\nFix memory leak when running one-step timestamping. When running\none-step sync timestamping, the HW is configured to insert the TX time\ninto the frame, so there is no reason to keep the skb anymore. As in\nthis case the HW will never generate an interrupt to say that the frame\nwas timestamped, then the frame will never released.\nFix this by freeing the frame in case of one-step timestamping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38148",
"url": "https://www.suse.com/security/cve/CVE-2025-38148"
},
{
"category": "external",
"summary": "SUSE Bug 1245735 for CVE-2025-38148",
"url": "https://bugzilla.suse.com/1245735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38148"
},
{
"cve": "CVE-2025-38149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clear phydev-\u003edevlink when the link is deleted\n\nThere is a potential crash issue when disabling and re-enabling the\nnetwork port. When disabling the network port, phy_detach() calls\ndevice_link_del() to remove the device link, but it does not clear\nphydev-\u003edevlink, so phydev-\u003edevlink is not a NULL pointer. Then the\nnetwork port is re-enabled, but if phy_attach_direct() fails before\ncalling device_link_add(), the code jumps to the \"error\" label and\ncalls phy_detach(). Since phydev-\u003edevlink retains the old value from\nthe previous attach/detach cycle, device_link_del() uses the old value,\nwhich accesses a NULL pointer and causes a crash. The simplified crash\nlog is as follows.\n\n[ 24.702421] Call trace:\n[ 24.704856] device_link_put_kref+0x20/0x120\n[ 24.709124] device_link_del+0x30/0x48\n[ 24.712864] phy_detach+0x24/0x168\n[ 24.716261] phy_attach_direct+0x168/0x3a4\n[ 24.720352] phylink_fwnode_phy_connect+0xc8/0x14c\n[ 24.725140] phylink_of_phy_connect+0x1c/0x34\n\nTherefore, phydev-\u003edevlink needs to be cleared when the device link is\ndeleted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38149",
"url": "https://www.suse.com/security/cve/CVE-2025-38149"
},
{
"category": "external",
"summary": "SUSE Bug 1245737 for CVE-2025-38149",
"url": "https://bugzilla.suse.com/1245737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38149"
},
{
"cve": "CVE-2025-38151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38151",
"url": "https://www.suse.com/security/cve/CVE-2025-38151"
},
{
"category": "external",
"summary": "SUSE Bug 1245745 for CVE-2025-38151",
"url": "https://bugzilla.suse.com/1245745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38151"
},
{
"cve": "CVE-2025-38153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: fix error handling of usbnet read calls\n\nSyzkaller, courtesy of syzbot, identified an error (see report [1]) in\naqc111 driver, caused by incomplete sanitation of usb read calls\u0027\nresults. This problem is quite similar to the one fixed in commit\n920a9fa27e78 (\"net: asix: add proper error handling of usb read errors\").\n\nFor instance, usbnet_read_cmd() may read fewer than \u0027size\u0027 bytes,\neven if the caller expected the full amount, and aqc111_read_cmd()\nwill not check its result properly. As [1] shows, this may lead\nto MAC address in aqc111_bind() being only partly initialized,\ntriggering KMSAN warnings.\n\nFix the issue by verifying that the number of bytes read is\nas expected and not less.\n\n[1] Partial syzbot report:\nBUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\nBUG: KMSAN: uninit-value in usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\n usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n really_probe+0x4d1/0xd90 drivers/base/dd.c:658\n __driver_probe_device+0x268/0x380 drivers/base/dd.c:800\n...\n\nUninit was stored to memory at:\n dev_addr_mod+0xb0/0x550 net/core/dev_addr_lists.c:582\n __dev_addr_set include/linux/netdevice.h:4874 [inline]\n eth_hw_addr_set include/linux/etherdevice.h:325 [inline]\n aqc111_bind+0x35f/0x1150 drivers/net/usb/aqc111.c:717\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n...\n\nUninit was stored to memory at:\n ether_addr_copy include/linux/etherdevice.h:305 [inline]\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:663 [inline]\n aqc111_bind+0x794/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n...\n\nLocal variable buf.i created at:\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:656 [inline]\n aqc111_bind+0x221/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38153",
"url": "https://www.suse.com/security/cve/CVE-2025-38153"
},
{
"category": "external",
"summary": "SUSE Bug 1245744 for CVE-2025-38153",
"url": "https://bugzilla.suse.com/1245744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38153"
},
{
"cve": "CVE-2025-38154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Avoid using sk_socket after free when sending\n\nThe sk-\u003esk_socket is not locked or referenced in backlog thread, and\nduring the call to skb_send_sock(), there is a race condition with\nthe release of sk_socket. All types of sockets(tcp/udp/unix/vsock)\nwill be affected.\n\nRace conditions:\n\u0027\u0027\u0027\nCPU0 CPU1\n\nbacklog::skb_send_sock\n sendmsg_unlocked\n sock_sendmsg\n sock_sendmsg_nosec\n close(fd):\n ...\n ops-\u003erelease() -\u003e sock_map_close()\n sk_socket-\u003eops = NULL\n free(socket)\n sock-\u003eops-\u003esendmsg\n ^\n panic here\n\u0027\u0027\u0027\n\nThe ref of psock become 0 after sock_map_close() executed.\n\u0027\u0027\u0027\nvoid sock_map_close()\n{\n ...\n if (likely(psock)) {\n ...\n // !! here we remove psock and the ref of psock become 0\n sock_map_remove_links(sk, psock)\n psock = sk_psock_get(sk);\n if (unlikely(!psock))\n goto no_psock; \u003c=== Control jumps here via goto\n ...\n cancel_delayed_work_sync(\u0026psock-\u003ework); \u003c=== not executed\n sk_psock_put(sk, psock);\n ...\n}\n\u0027\u0027\u0027\n\nBased on the fact that we already wait for the workqueue to finish in\nsock_map_close() if psock is held, we simply increase the psock\nreference count to avoid race conditions.\n\nWith this patch, if the backlog thread is running, sock_map_close() will\nwait for the backlog thread to complete and cancel all pending work.\n\nIf no backlog running, any pending work that hasn\u0027t started by then will\nfail when invoked by sk_psock_get(), as the psock reference count have\nbeen zeroed, and sk_psock_drop() will cancel all jobs via\ncancel_delayed_work_sync().\n\nIn summary, we require synchronization to coordinate the backlog thread\nand close() thread.\n\nThe panic I catched:\n\u0027\u0027\u0027\nWorkqueue: events sk_psock_backlog\nRIP: 0010:sock_sendmsg+0x21d/0x440\nRAX: 0000000000000000 RBX: ffffc9000521fad8 RCX: 0000000000000001\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x14c/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? sock_sendmsg+0x21d/0x440\n ? sock_sendmsg+0x3e0/0x440\n ? __pfx_sock_sendmsg+0x10/0x10\n __skb_send_sock+0x543/0xb70\n sk_psock_backlog+0x247/0xb80\n...\n\u0027\u0027\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38154",
"url": "https://www.suse.com/security/cve/CVE-2025-38154"
},
{
"category": "external",
"summary": "SUSE Bug 1245749 for CVE-2025-38154",
"url": "https://bugzilla.suse.com/1245749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38154"
},
{
"cve": "CVE-2025-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()\n\ndevm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nPrevent null pointer dereference in mt7915_mmio_wed_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38155",
"url": "https://www.suse.com/security/cve/CVE-2025-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1245748 for CVE-2025-38155",
"url": "https://bugzilla.suse.com/1245748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38155"
},
{
"cve": "CVE-2025-38156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init()\n\ndevm_ioremap() returns NULL on error. Currently, mt7996_mmio_wed_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nPrevent null pointer dereference in mt7996_mmio_wed_init()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38156",
"url": "https://www.suse.com/security/cve/CVE-2025-38156"
},
{
"category": "external",
"summary": "SUSE Bug 1246034 for CVE-2025-38156",
"url": "https://bugzilla.suse.com/1246034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38156"
},
{
"cve": "CVE-2025-38157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Abort software beacon handling if disabled\n\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\n\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38157",
"url": "https://www.suse.com/security/cve/CVE-2025-38157"
},
{
"category": "external",
"summary": "SUSE Bug 1245747 for CVE-2025-38157",
"url": "https://bugzilla.suse.com/1245747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38157"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38160"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Add NULL check in raspberrypi_clk_register()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nraspberrypi_clk_register() does not check for this case, which results\nin a NULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38160",
"url": "https://www.suse.com/security/cve/CVE-2025-38160"
},
{
"category": "external",
"summary": "SUSE Bug 1245780 for CVE-2025-38160",
"url": "https://bugzilla.suse.com/1245780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38160"
},
{
"cve": "CVE-2025-38161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38161"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix error flow upon firmware failure for RQ destruction\n\nUpon RQ destruction if the firmware command fails which is the\nlast resource to be destroyed some SW resources were already cleaned\nregardless of the failure.\n\nNow properly rollback the object to its original state upon such failure.\n\nIn order to avoid a use-after free in case someone tries to destroy the\nobject again, which results in the following kernel trace:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 37589 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148\nModules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) rfkill mlx5_core(OE) mlxdevm(OE) ib_uverbs(OE) ib_core(OE) psample mlxfw(OE) mlx_compat(OE) macsec tls pci_hyperv_intf sunrpc vfat fat virtio_net net_failover failover fuse loop nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_console virtio_gpu virtio_blk virtio_dma_buf virtio_mmio dm_mirror dm_region_hash dm_log dm_mod xpmem(OE)\nCPU: 0 UID: 0 PID: 37589 Comm: python3 Kdump: loaded Tainted: G OE ------- --- 6.12.0-54.el10.aarch64 #1\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : refcount_warn_saturate+0xf4/0x148\nlr : refcount_warn_saturate+0xf4/0x148\nsp : ffff80008b81b7e0\nx29: ffff80008b81b7e0 x28: ffff000133d51600 x27: 0000000000000001\nx26: 0000000000000000 x25: 00000000ffffffea x24: ffff00010ae80f00\nx23: ffff00010ae80f80 x22: ffff0000c66e5d08 x21: 0000000000000000\nx20: ffff0000c66e0000 x19: ffff00010ae80340 x18: 0000000000000006\nx17: 0000000000000000 x16: 0000000000000020 x15: ffff80008b81b37f\nx14: 0000000000000000 x13: 2e656572662d7265 x12: ffff80008283ef78\nx11: ffff80008257efd0 x10: ffff80008283efd0 x9 : ffff80008021ed90\nx8 : 0000000000000001 x7 : 00000000000bffe8 x6 : c0000000ffff7fff\nx5 : ffff0001fb8e3408 x4 : 0000000000000000 x3 : ffff800179993000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000133d51600\nCall trace:\n refcount_warn_saturate+0xf4/0x148\n mlx5_core_put_rsc+0x88/0xa0 [mlx5_ib]\n mlx5_core_destroy_rq_tracked+0x64/0x98 [mlx5_ib]\n mlx5_ib_destroy_wq+0x34/0x80 [mlx5_ib]\n ib_destroy_wq_user+0x30/0xc0 [ib_core]\n uverbs_free_wq+0x28/0x58 [ib_uverbs]\n destroy_hw_idr_uobject+0x34/0x78 [ib_uverbs]\n uverbs_destroy_uobject+0x48/0x240 [ib_uverbs]\n __uverbs_cleanup_ufile+0xd4/0x1a8 [ib_uverbs]\n uverbs_destroy_ufile_hw+0x48/0x120 [ib_uverbs]\n ib_uverbs_close+0x2c/0x100 [ib_uverbs]\n __fput+0xd8/0x2f0\n __fput_sync+0x50/0x70\n __arm64_sys_close+0x40/0x90\n invoke_syscall.constprop.0+0x74/0xd0\n do_el0_svc+0x48/0xe8\n el0_svc+0x44/0x1d0\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x1a4/0x1a8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38161",
"url": "https://www.suse.com/security/cve/CVE-2025-38161"
},
{
"category": "external",
"summary": "SUSE Bug 1245777 for CVE-2025-38161",
"url": "https://bugzilla.suse.com/1245777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38161"
},
{
"cve": "CVE-2025-38165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38165"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix panic when calling skb_linearize\n\nThe panic can be reproduced by executing the command:\n./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000\n\nThen a kernel panic was captured:\n\u0027\u0027\u0027\n[ 657.460555] kernel BUG at net/core/skbuff.c:2178!\n[ 657.462680] Tainted: [W]=WARN\n[ 657.463287] Workqueue: events sk_psock_backlog\n...\n[ 657.469610] \u003cTASK\u003e\n[ 657.469738] ? die+0x36/0x90\n[ 657.469916] ? do_trap+0x1d0/0x270\n[ 657.470118] ? pskb_expand_head+0x612/0xf40\n[ 657.470376] ? pskb_expand_head+0x612/0xf40\n[ 657.470620] ? do_error_trap+0xa3/0x170\n[ 657.470846] ? pskb_expand_head+0x612/0xf40\n[ 657.471092] ? handle_invalid_op+0x2c/0x40\n[ 657.471335] ? pskb_expand_head+0x612/0xf40\n[ 657.471579] ? exc_invalid_op+0x2d/0x40\n[ 657.471805] ? asm_exc_invalid_op+0x1a/0x20\n[ 657.472052] ? pskb_expand_head+0xd1/0xf40\n[ 657.472292] ? pskb_expand_head+0x612/0xf40\n[ 657.472540] ? lock_acquire+0x18f/0x4e0\n[ 657.472766] ? find_held_lock+0x2d/0x110\n[ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10\n[ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470\n[ 657.473537] ? __pfx___lock_release.isra.0+0x10/0x10\n[ 657.473826] __pskb_pull_tail+0xfd/0x1d20\n[ 657.474062] ? __kasan_slab_alloc+0x4e/0x90\n[ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510\n[ 657.475392] ? __kasan_kmalloc+0xaa/0xb0\n[ 657.476010] sk_psock_backlog+0x5cf/0xd70\n[ 657.476637] process_one_work+0x858/0x1a20\n\u0027\u0027\u0027\n\nThe panic originates from the assertion BUG_ON(skb_shared(skb)) in\nskb_linearize(). A previous commit(see Fixes tag) introduced skb_get()\nto avoid race conditions between skb operations in the backlog and skb\nrelease in the recvmsg path. However, this caused the panic to always\noccur when skb_linearize is executed.\n\nThe \"--rx-strp 100000\" parameter forces the RX path to use the strparser\nmodule which aggregates data until it reaches 100KB before calling sockmap\nlogic. The 100KB payload exceeds MAX_MSG_FRAGS, triggering skb_linearize.\n\nTo fix this issue, just move skb_get into sk_psock_skb_ingress_enqueue.\n\n\u0027\u0027\u0027\nsk_psock_backlog:\n sk_psock_handle_skb\n skb_get(skb) \u003c== we move it into \u0027sk_psock_skb_ingress_enqueue\u0027\n sk_psock_skb_ingress____________\n v\n |\n | -\u003e sk_psock_skb_ingress_self\n | sk_psock_skb_ingress_enqueue\nsk_psock_verdict_apply_________________^ skb_linearize\n\u0027\u0027\u0027\n\nNote that for verdict_apply path, the skb_get operation is unnecessary so\nwe add \u0027take_ref\u0027 param to control it\u0027s behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38165",
"url": "https://www.suse.com/security/cve/CVE-2025-38165"
},
{
"category": "external",
"summary": "SUSE Bug 1245757 for CVE-2025-38165",
"url": "https://bugzilla.suse.com/1245757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38165"
},
{
"cve": "CVE-2025-38168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38168"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: arm-ni: Unregister PMUs on probe failure\n\nWhen a resource allocation fails in one clock domain of an NI device,\nwe need to properly roll back all previously registered perf PMUs in\nother clock domains of the same device.\n\nOtherwise, it can lead to kernel panics.\n\nCalling arm_ni_init+0x0/0xff8 [arm_ni] @ 2374\narm-ni ARMHCB70:00: Failed to request PMU region 0x1f3c13000\narm-ni ARMHCB70:00: probe with driver arm-ni failed with error -16\nlist_add corruption: next-\u003eprev should be prev (fffffd01e9698a18),\nbut was 0000000000000000. (next=ffff10001a0decc8).\npstate: 6340009 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : list_add_valid_or_report+0x7c/0xb8\nlr : list_add_valid_or_report+0x7c/0xb8\nCall trace:\n __list_add_valid_or_report+0x7c/0xb8\n perf_pmu_register+0x22c/0x3a0\n arm_ni_probe+0x554/0x70c [arm_ni]\n platform_probe+0x70/0xe8\n really_probe+0xc6/0x4d8\n driver_probe_device+0x48/0x170\n __driver_attach+0x8e/0x1c0\n bus_for_each_dev+0x64/0xf0\n driver_add+0x138/0x260\n bus_add_driver+0x68/0x138\n __platform_driver_register+0x2c/0x40\n arm_ni_init+0x14/0x2a [arm_ni]\n do_init_module+0x36/0x298\n---[ end trace 0000000000000000 ]---\nKernel panic - not syncing: Oops - BUG: Fatal exception\nSMP: stopping secondary CPUs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38168",
"url": "https://www.suse.com/security/cve/CVE-2025-38168"
},
{
"category": "external",
"summary": "SUSE Bug 1245763 for CVE-2025-38168",
"url": "https://bugzilla.suse.com/1245763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38168"
},
{
"cve": "CVE-2025-38169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38169"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP\n\nOn system with SME, a thread\u0027s kernel FPSIMD state may be erroneously\nclobbered during a context switch immediately after that state is\nrestored. Systems without SME are unaffected.\n\nIf the CPU happens to be in streaming SVE mode before a context switch\nto a thread with kernel FPSIMD state, fpsimd_thread_switch() will\nrestore the kernel FPSIMD state using fpsimd_load_kernel_state() while\nthe CPU is still in streaming SVE mode. When fpsimd_thread_switch()\nsubsequently calls fpsimd_flush_cpu_state(), this will execute an\nSMSTOP, causing an exit from streaming SVE mode. The exit from\nstreaming SVE mode will cause the hardware to reset a number of\nFPSIMD/SVE/SME registers, clobbering the FPSIMD state.\n\nFix this by calling fpsimd_flush_cpu_state() before restoring the kernel\nFPSIMD state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38169",
"url": "https://www.suse.com/security/cve/CVE-2025-38169"
},
{
"category": "external",
"summary": "SUSE Bug 1245784 for CVE-2025-38169",
"url": "https://bugzilla.suse.com/1245784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38169"
},
{
"cve": "CVE-2025-38170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/fpsimd: Discard stale CPU state when handling SME traps\n\nThe logic for handling SME traps manipulates saved FPSIMD/SVE/SME state\nincorrectly, and a race with preemption can result in a task having\nTIF_SME set and TIF_FOREIGN_FPSTATE clear even though the live CPU state\nis stale (e.g. with SME traps enabled). This can result in warnings from\ndo_sme_acc() where SME traps are not expected while TIF_SME is set:\n\n| /* With TIF_SME userspace shouldn\u0027t generate any traps */\n| if (test_and_set_thread_flag(TIF_SME))\n| WARN_ON(1);\n\nThis is very similar to the SVE issue we fixed in commit:\n\n 751ecf6afd6568ad (\"arm64/sve: Discard stale CPU state when handling SVE traps\")\n\nThe race can occur when the SME trap handler is preempted before and\nafter manipulating the saved FPSIMD/SVE/SME state, starting and ending on\nthe same CPU, e.g.\n\n| void do_sme_acc(unsigned long esr, struct pt_regs *regs)\n| {\n| // Trap on CPU 0 with TIF_SME clear, SME traps enabled\n| // task-\u003efpsimd_cpu is 0.\n| // per_cpu_ptr(\u0026fpsimd_last_state, 0) is task.\n|\n| ...\n|\n| // Preempted; migrated from CPU 0 to CPU 1.\n| // TIF_FOREIGN_FPSTATE is set.\n|\n| get_cpu_fpsimd_context();\n|\n| /* With TIF_SME userspace shouldn\u0027t generate any traps */\n| if (test_and_set_thread_flag(TIF_SME))\n| WARN_ON(1);\n|\n| if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) {\n| unsigned long vq_minus_one =\n| sve_vq_from_vl(task_get_sme_vl(current)) - 1;\n| sme_set_vq(vq_minus_one);\n|\n| fpsimd_bind_task_to_cpu();\n| }\n|\n| put_cpu_fpsimd_context();\n|\n| // Preempted; migrated from CPU 1 to CPU 0.\n| // task-\u003efpsimd_cpu is still 0\n| // If per_cpu_ptr(\u0026fpsimd_last_state, 0) is still task then:\n| // - Stale HW state is reused (with SME traps enabled)\n| // - TIF_FOREIGN_FPSTATE is cleared\n| // - A return to userspace skips HW state restore\n| }\n\nFix the case where the state is not live and TIF_FOREIGN_FPSTATE is set\nby calling fpsimd_flush_task_state() to detach from the saved CPU\nstate. This ensures that a subsequent context switch will not reuse the\nstale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the\nnew state to be reloaded from memory prior to a return to userspace.\n\nNote: this was originallly posted as [1].\n\n[ Rutland: rewrite commit message ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38170",
"url": "https://www.suse.com/security/cve/CVE-2025-38170"
},
{
"category": "external",
"summary": "SUSE Bug 1245785 for CVE-2025-38170",
"url": "https://bugzilla.suse.com/1245785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38170"
},
{
"cve": "CVE-2025-38172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38172"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: avoid using multiple devices with different type\n\nFor multiple devices, both primary and extra devices should be the\nsame type. `erofs_init_device` has already guaranteed that if the\nprimary is a file-backed device, extra devices should also be\nregular files.\n\nHowever, if the primary is a block device while the extra device\nis a file-backed device, `erofs_init_device` will get an ENOTBLK,\nwhich is not treated as an error in `erofs_fc_get_tree`, and that\nleads to an UAF:\n\n erofs_fc_get_tree\n get_tree_bdev_flags(erofs_fc_fill_super)\n erofs_read_superblock\n erofs_init_device // sbi-\u003edif0 is not inited yet,\n // return -ENOTBLK\n deactivate_locked_super\n free(sbi)\n if (err is -ENOTBLK)\n sbi-\u003edif0.file = filp_open() // sbi UAF\n\nSo if -ENOTBLK is hitted in `erofs_init_device`, it means the\nprimary device must be a block device, and the extra device\nis not a block device. The error can be converted to -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38172",
"url": "https://www.suse.com/security/cve/CVE-2025-38172"
},
{
"category": "external",
"summary": "SUSE Bug 1245787 for CVE-2025-38172",
"url": "https://bugzilla.suse.com/1245787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38172"
},
{
"cve": "CVE-2025-38173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: marvell/cesa - Handle zero-length skcipher requests\n\nDo not access random memory for zero-length skcipher requests.\nJust return 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38173",
"url": "https://www.suse.com/security/cve/CVE-2025-38173"
},
{
"category": "external",
"summary": "SUSE Bug 1245769 for CVE-2025-38173",
"url": "https://bugzilla.suse.com/1245769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38173"
},
{
"cve": "CVE-2025-38174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38174"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Do not double dequeue a configuration request\n\nSome of our devices crash in tb_cfg_request_dequeue():\n\n general protection fault, probably for non-canonical address 0xdead000000000122\n\n CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65\n RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0\n Call Trace:\n \u003cTASK\u003e\n ? tb_cfg_request_dequeue+0x2d/0xa0\n tb_cfg_request_work+0x33/0x80\n worker_thread+0x386/0x8f0\n kthread+0xed/0x110\n ret_from_fork+0x38/0x50\n ret_from_fork_asm+0x1b/0x30\n\nThe circumstances are unclear, however, the theory is that\ntb_cfg_request_work() can be scheduled twice for a request:\nfirst time via frame.callback from ring_work() and second\ntime from tb_cfg_request(). Both times kworkers will execute\ntb_cfg_request_dequeue(), which results in double list_del()\nfrom the ctl-\u003erequest_queue (the list poison deference hints\nat it: 0xdead000000000122).\n\nDo not dequeue requests that don\u0027t have TB_CFG_REQUEST_ACTIVE\nbit set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38174",
"url": "https://www.suse.com/security/cve/CVE-2025-38174"
},
{
"category": "external",
"summary": "SUSE Bug 1245781 for CVE-2025-38174",
"url": "https://bugzilla.suse.com/1245781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38174"
},
{
"cve": "CVE-2025-38177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let\u0027s make it idempotent\nto ease qdisc_tree_reduce_backlog() callers\u0027 life:\n\n1. update_vf() decreases cl-\u003ecl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl-\u003eel_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38177",
"url": "https://www.suse.com/security/cve/CVE-2025-38177"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245986 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "external",
"summary": "SUSE Bug 1246356 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1246356"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1247374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38177"
},
{
"cve": "CVE-2025-38180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix /proc/net/atm/lec handling\n\n/proc/net/atm/lec must ensure safety against dev_lec[] changes.\n\nIt appears it had dev_put() calls without prior dev_hold(),\nleading to imbalance and UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38180",
"url": "https://www.suse.com/security/cve/CVE-2025-38180"
},
{
"category": "external",
"summary": "SUSE Bug 1245970 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "external",
"summary": "SUSE Bug 1245971 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38180"
},
{
"cve": "CVE-2025-38181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Fix null-ptr-deref in calipso_req_{set,del}attr().\n\nsyzkaller reported a null-ptr-deref in sock_omalloc() while allocating\na CALIPSO option. [0]\n\nThe NULL is of struct sock, which was fetched by sk_to_full_sk() in\ncalipso_req_setattr().\n\nSince commit a1a5344ddbe8 (\"tcp: avoid two atomic ops for syncookies\"),\nreqsk-\u003ersk_listener could be NULL when SYN Cookie is returned to its\nclient, as hinted by the leading SYN Cookie log.\n\nHere are 3 options to fix the bug:\n\n 1) Return 0 in calipso_req_setattr()\n 2) Return an error in calipso_req_setattr()\n 3) Alaways set rsk_listener\n\n1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie\nfor CALIPSO. 3) is also no go as there have been many efforts to reduce\natomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35\n(\"tcp/dccp: do not touch listener sk_refcnt under synflood\").\n\nAs of the blamed commit, SYN Cookie already did not need refcounting,\nand no one has stumbled on the bug for 9 years, so no CALIPSO user will\ncare about SYN Cookie.\n\nLet\u0027s return an error in calipso_req_setattr() and calipso_req_delattr()\nin the SYN Cookie case.\n\nThis can be reproduced by [1] on Fedora and now connect() of nc times out.\n\n[0]:\nTCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:406 [inline]\nRIP: 0010:sock_net include/net/sock.h:655 [inline]\nRIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806\nCode: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b\nRSP: 0018:ffff88811af89038 EFLAGS: 00010216\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400\nRDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030\nRBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e\nR10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000\nR13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050\nFS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cIRQ\u003e\n ipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288\n calipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204\n calipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597\n netlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249\n selinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342\n selinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551\n security_inet_conn_request+0x50/0xa0 security/security.c:4945\n tcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825\n tcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275\n tcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328\n tcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781\n tcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667\n tcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904\n ip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436\n ip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491\n dst_input include/net/dst.h:469 [inline]\n ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]\n ip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38181",
"url": "https://www.suse.com/security/cve/CVE-2025-38181"
},
{
"category": "external",
"summary": "SUSE Bug 1246000 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "external",
"summary": "SUSE Bug 1246001 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38181"
},
{
"cve": "CVE-2025-38182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: santizize the arguments from userspace when adding a device\n\nSanity check the values for queue depth and number of queues\nwe get from userspace when adding a device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38182",
"url": "https://www.suse.com/security/cve/CVE-2025-38182"
},
{
"category": "external",
"summary": "SUSE Bug 1245937 for CVE-2025-38182",
"url": "https://bugzilla.suse.com/1245937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38182"
},
{
"cve": "CVE-2025-38184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer\n\nThe reproduction steps:\n1. create a tun interface\n2. enable l2 bearer\n3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun\n\ntipc: Started in network mode\ntipc: Node identity 8af312d38a21, cluster identity 4711\ntipc: Enabled bearer \u003ceth:syz_tun\u003e, priority 1\nOops: general protection fault\nKASAN: null-ptr-deref in range\nCPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT\nHardware name: QEMU Ubuntu 24.04 PC\nRIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0\n\nthe ub was in fact a struct dev.\n\nwhen bid != 0 \u0026\u0026 skip_cnt != 0, bearer_list[bid] may be NULL or\nother media when other thread changes it.\n\nfix this by checking media_id.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38184",
"url": "https://www.suse.com/security/cve/CVE-2025-38184"
},
{
"category": "external",
"summary": "SUSE Bug 1245956 for CVE-2025-38184",
"url": "https://bugzilla.suse.com/1245956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38184"
},
{
"cve": "CVE-2025-38185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Free invalid length skb in atmtcp_c_send().\n\nsyzbot reported the splat below. [0]\n\nvcc_sendmsg() copies data passed from userspace to skb and passes\nit to vcc-\u003edev-\u003eops-\u003esend().\n\natmtcp_c_send() accesses skb-\u003edata as struct atmtcp_hdr after\nchecking if skb-\u003elen is 0, but it\u0027s not enough.\n\nAlso, when skb-\u003elen == 0, skb and sk (vcc) were leaked because\ndev_kfree_skb() is not called and sk_wmem_alloc adjustment is missing\nto revert atm_account_tx() in vcc_sendmsg(), which is expected\nto be done in atm_pop_raw().\n\nLet\u0027s properly free skb with an invalid length in atmtcp_c_send().\n\n[0]:\nBUG: KMSAN: uninit-value in atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294\n atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294\n vcc_sendmsg+0xd7c/0xff0 net/atm/common.c:644\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n __sys_sendmsg net/socket.c:2652 [inline]\n __do_sys_sendmsg net/socket.c:2657 [inline]\n __se_sys_sendmsg net/socket.c:2655 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655\n x64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4154 [inline]\n slab_alloc_node mm/slub.c:4197 [inline]\n kmem_cache_alloc_node_noprof+0x818/0xf00 mm/slub.c:4249\n kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:579\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:670\n alloc_skb include/linux/skbuff.h:1336 [inline]\n vcc_sendmsg+0xb40/0xff0 net/atm/common.c:628\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n __sys_sendmsg net/socket.c:2652 [inline]\n __do_sys_sendmsg net/socket.c:2657 [inline]\n __se_sys_sendmsg net/socket.c:2655 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655\n x64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 5798 Comm: syz-executor192 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(undef)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38185",
"url": "https://www.suse.com/security/cve/CVE-2025-38185"
},
{
"category": "external",
"summary": "SUSE Bug 1246012 for CVE-2025-38185",
"url": "https://bugzilla.suse.com/1246012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38185"
},
{
"cve": "CVE-2025-38186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38186"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()\n\nBefore the commit under the Fixes tag below, bnxt_ulp_stop() and\nbnxt_ulp_start() were always invoked in pairs. After that commit,\nthe new bnxt_ulp_restart() can be invoked after bnxt_ulp_stop()\nhas been called. This may result in the RoCE driver\u0027s aux driver\n.suspend() method being invoked twice. The 2nd bnxt_re_suspend()\ncall will crash when it dereferences a NULL pointer:\n\n(NULL ib_device): Handle device suspend call\nBUG: kernel NULL pointer dereference, address: 0000000000000b78\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP PTI\nCPU: 20 UID: 0 PID: 181 Comm: kworker/u96:5 Tainted: G S 6.15.0-rc1 #4 PREEMPT(voluntary)\nTainted: [S]=CPU_OUT_OF_SPEC\nHardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017\nWorkqueue: bnxt_pf_wq bnxt_sp_task [bnxt_en]\nRIP: 0010:bnxt_re_suspend+0x45/0x1f0 [bnxt_re]\nCode: 8b 05 a7 3c 5b f5 48 89 44 24 18 31 c0 49 8b 5c 24 08 4d 8b 2c 24 e8 ea 06 0a f4 48 c7 c6 04 60 52 c0 48 89 df e8 1b ce f9 ff \u003c48\u003e 8b 83 78 0b 00 00 48 8b 80 38 03 00 00 a8 40 0f 85 b5 00 00 00\nRSP: 0018:ffffa2e84084fd88 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ffffffffb4b6b934 RDI: 00000000ffffffff\nRBP: ffffa1760954c9c0 R08: 0000000000000000 R09: c0000000ffffdfff\nR10: 0000000000000001 R11: ffffa2e84084fb50 R12: ffffa176031ef070\nR13: ffffa17609775000 R14: ffffa17603adc180 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa17daa397000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000b78 CR3: 00000004aaa30003 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nbnxt_ulp_stop+0x69/0x90 [bnxt_en]\nbnxt_sp_task+0x678/0x920 [bnxt_en]\n? __schedule+0x514/0xf50\nprocess_scheduled_works+0x9d/0x400\nworker_thread+0x11c/0x260\n? __pfx_worker_thread+0x10/0x10\nkthread+0xfe/0x1e0\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x2b/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\nCheck the BNXT_EN_FLAG_ULP_STOPPED flag and do not proceed if the flag\nis already set. This will preserve the original symmetrical\nbnxt_ulp_stop() and bnxt_ulp_start().\n\nAlso, inside bnxt_ulp_start(), clear the BNXT_EN_FLAG_ULP_STOPPED\nflag after taking the mutex to avoid any race condition. And for\nsymmetry, only proceed in bnxt_ulp_start() if the\nBNXT_EN_FLAG_ULP_STOPPED is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38186",
"url": "https://www.suse.com/security/cve/CVE-2025-38186"
},
{
"category": "external",
"summary": "SUSE Bug 1245955 for CVE-2025-38186",
"url": "https://bugzilla.suse.com/1245955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38186"
},
{
"cve": "CVE-2025-38188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\n\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\n\nPatchwork: https://patchwork.freedesktop.org/patch/654924/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38188",
"url": "https://www.suse.com/security/cve/CVE-2025-38188"
},
{
"category": "external",
"summary": "SUSE Bug 1246098 for CVE-2025-38188",
"url": "https://bugzilla.suse.com/1246098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38188"
},
{
"cve": "CVE-2025-38189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`\n\nThe following kernel Oops was recently reported by Mesa CI:\n\n[ 800.139824] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000588\n[ 800.148619] Mem abort info:\n[ 800.151402] ESR = 0x0000000096000005\n[ 800.155141] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 800.160444] SET = 0, FnV = 0\n[ 800.163488] EA = 0, S1PTW = 0\n[ 800.166619] FSC = 0x05: level 1 translation fault\n[ 800.171487] Data abort info:\n[ 800.174357] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 800.179832] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 800.184873] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 800.190176] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001014c2000\n[ 800.196607] [0000000000000588] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 800.205305] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 800.211564] Modules linked in: vc4 snd_soc_hdmi_codec drm_display_helper v3d cec gpu_sched drm_dma_helper drm_shmem_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm i2c_brcmstb snd_timer snd backlight\n[ 800.234448] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n[ 800.244182] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n[ 800.250005] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 800.256959] pc : v3d_job_update_stats+0x60/0x130 [v3d]\n[ 800.262112] lr : v3d_job_update_stats+0x48/0x130 [v3d]\n[ 800.267251] sp : ffffffc080003e60\n[ 800.270555] x29: ffffffc080003e60 x28: ffffffd842784980 x27: 0224012000000000\n[ 800.277687] x26: ffffffd84277f630 x25: ffffff81012fd800 x24: 0000000000000020\n[ 800.284818] x23: ffffff8040238b08 x22: 0000000000000570 x21: 0000000000000158\n[ 800.291948] x20: 0000000000000000 x19: ffffff8040238000 x18: 0000000000000000\n[ 800.299078] x17: ffffffa8c1bd2000 x16: ffffffc080000000 x15: 0000000000000000\n[ 800.306208] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 800.313338] x11: 0000000000000040 x10: 0000000000001a40 x9 : ffffffd83b39757c\n[ 800.320468] x8 : ffffffd842786420 x7 : 7fffffffffffffff x6 : 0000000000ef32b0\n[ 800.327598] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : ffffffd842784980\n[ 800.334728] x2 : 0000000000000004 x1 : 0000000000010002 x0 : 000000ba4c0ca382\n[ 800.341859] Call trace:\n[ 800.344294] v3d_job_update_stats+0x60/0x130 [v3d]\n[ 800.349086] v3d_irq+0x124/0x2e0 [v3d]\n[ 800.352835] __handle_irq_event_percpu+0x58/0x218\n[ 800.357539] handle_irq_event+0x54/0xb8\n[ 800.361369] handle_fasteoi_irq+0xac/0x240\n[ 800.365458] handle_irq_desc+0x48/0x68\n[ 800.369200] generic_handle_domain_irq+0x24/0x38\n[ 800.373810] gic_handle_irq+0x48/0xd8\n[ 800.377464] call_on_irq_stack+0x24/0x58\n[ 800.381379] do_interrupt_handler+0x88/0x98\n[ 800.385554] el1_interrupt+0x34/0x68\n[ 800.389123] el1h_64_irq_handler+0x18/0x28\n[ 800.393211] el1h_64_irq+0x64/0x68\n[ 800.396603] default_idle_call+0x3c/0x168\n[ 800.400606] do_idle+0x1fc/0x230\n[ 800.403827] cpu_startup_entry+0x40/0x50\n[ 800.407742] rest_init+0xe4/0xf0\n[ 800.410962] start_kernel+0x5e8/0x790\n[ 800.414616] __primary_switched+0x80/0x90\n[ 800.418622] Code: 8b170277 8b160296 11000421 b9000861 (b9401ac1)\n[ 800.424707] ---[ end trace 0000000000000000 ]---\n[ 800.457313] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nThis issue happens when the file descriptor is closed before the jobs\nsubmitted by it are completed. When the job completes, we update the\nglobal GPU stats and the per-fd GPU stats, which are exposed through\nfdinfo. If the file descriptor was closed, then the struct `v3d_file_priv`\nand its stats were already freed and we can\u0027t update the per-fd stats.\n\nTherefore, if the file descriptor was already closed, don\u0027t u\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38189",
"url": "https://www.suse.com/security/cve/CVE-2025-38189"
},
{
"category": "external",
"summary": "SUSE Bug 1245812 for CVE-2025-38189",
"url": "https://bugzilla.suse.com/1245812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38189"
},
{
"cve": "CVE-2025-38190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38190"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Revert atm_account_tx() if copy_from_iter_full() fails.\n\nIn vcc_sendmsg(), we account skb-\u003etruesize to sk-\u003esk_wmem_alloc by\natm_account_tx().\n\nIt is expected to be reverted by atm_pop_raw() later called by\nvcc-\u003edev-\u003eops-\u003esend(vcc, skb).\n\nHowever, vcc_sendmsg() misses the same revert when copy_from_iter_full()\nfails, and then we will leak a socket.\n\nLet\u0027s factorise the revert part as atm_return_tx() and call it in\nthe failure path.\n\nNote that the corresponding sk_wmem_alloc operation can be found in\nalloc_tx() as of the blamed commit.\n\n $ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38190",
"url": "https://www.suse.com/security/cve/CVE-2025-38190"
},
{
"category": "external",
"summary": "SUSE Bug 1245973 for CVE-2025-38190",
"url": "https://bugzilla.suse.com/1245973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38190"
},
{
"cve": "CVE-2025-38193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: reject invalid perturb period\n\nGerrard Tai reported that SFQ perturb_period has no range check yet,\nand this can be used to trigger a race condition fixed in a separate patch.\n\nWe want to make sure ctl-\u003eperturb_period * HZ will not overflow\nand is positive.\n\n\ntc qd add dev lo root sfq perturb -10 # negative value : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 1000000000 # too big : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 2000000 # acceptable value\ntc -s -d qd sh dev lo\nqdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec\n Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38193",
"url": "https://www.suse.com/security/cve/CVE-2025-38193"
},
{
"category": "external",
"summary": "SUSE Bug 1245945 for CVE-2025-38193",
"url": "https://bugzilla.suse.com/1245945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38193"
},
{
"cve": "CVE-2025-38197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell_rbu: Fix list usage\n\nPass the correct list head to list_for_each_entry*() when looping through\nthe packet list.\n\nWithout this patch, reading the packet data via sysfs will show the data\nincorrectly (because it starts at the wrong packet), and clearing the\npacket list will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38197",
"url": "https://www.suse.com/security/cve/CVE-2025-38197"
},
{
"category": "external",
"summary": "SUSE Bug 1246047 for CVE-2025-38197",
"url": "https://bugzilla.suse.com/1246047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38197"
},
{
"cve": "CVE-2025-38198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Make sure modelist not set on unregistered console\n\nIt looks like attempting to write to the \"store_modes\" sysfs node will\nrun afoul of unregistered consoles:\n\nUBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28\nindex -1 is out of range for type \u0027fb_info *[32]\u0027\n...\n fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122\n fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048\n fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673\n store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113\n dev_attr_store+0x55/0x80 drivers/base/core.c:2439\n\nstatic struct fb_info *fbcon_registered_fb[FB_MAX];\n...\nstatic signed char con2fb_map[MAX_NR_CONSOLES];\n...\nstatic struct fb_info *fbcon_info_from_console(int console)\n...\n return fbcon_registered_fb[con2fb_map[console]];\n\nIf con2fb_map contains a -1 things go wrong here. Instead, return NULL,\nas callers of fbcon_info_from_console() are trying to compare against\nexisting \"info\" pointers, so error handling should kick in correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38198",
"url": "https://www.suse.com/security/cve/CVE-2025-38198"
},
{
"category": "external",
"summary": "SUSE Bug 1245952 for CVE-2025-38198",
"url": "https://bugzilla.suse.com/1245952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38198"
},
{
"cve": "CVE-2025-38201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX\n\nOtherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof()\nwhen resizing hashtable because __GFP_NOWARN is unset.\n\nSimilar to:\n\n b541ba7d1f5a (\"netfilter: conntrack: clamp maximum hashtable size to INT_MAX\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38201",
"url": "https://www.suse.com/security/cve/CVE-2025-38201"
},
{
"category": "external",
"summary": "SUSE Bug 1245977 for CVE-2025-38201",
"url": "https://bugzilla.suse.com/1245977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38201"
},
{
"cve": "CVE-2025-38205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38205"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid divide by zero by initializing dummy pitch to 1\n\n[Why]\nIf the dummy values in `populate_dummy_dml_surface_cfg()` aren\u0027t updated\nthen they can lead to a divide by zero in downstream callers like\nCalculateVMAndRowBytes()\n\n[How]\nInitialize dummy value to a value to avoid divide by zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38205",
"url": "https://www.suse.com/security/cve/CVE-2025-38205"
},
{
"category": "external",
"summary": "SUSE Bug 1246005 for CVE-2025-38205",
"url": "https://bugzilla.suse.com/1246005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38205"
},
{
"cve": "CVE-2025-38208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: add NULL check in automount_fullpath\n\npage is checked for null in __build_path_from_dentry_optional_prefix\nwhen tcon-\u003eorigin_fullpath is not set. However, the check is missing when\nit is set.\nAdd a check to prevent a potential NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38208",
"url": "https://www.suse.com/security/cve/CVE-2025-38208"
},
{
"category": "external",
"summary": "SUSE Bug 1245815 for CVE-2025-38208",
"url": "https://bugzilla.suse.com/1245815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38208"
},
{
"cve": "CVE-2025-38209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: remove tag set when second admin queue config fails\n\nCommit 104d0e2f6222 (\"nvme-fabrics: reset admin connection for secure\nconcatenation\") modified nvme_tcp_setup_ctrl() to call\nnvme_tcp_configure_admin_queue() twice. The first call prepares for\nDH-CHAP negotitation, and the second call is required for secure\nconcatenation. However, this change triggered BUG KASAN slab-use-after-\nfree in blk_mq_queue_tag_busy_iter(). This BUG can be recreated by\nrepeating the blktests test case nvme/063 a few times [1].\n\nWhen the BUG happens, nvme_tcp_create_ctrl() fails in the call chain\nbelow:\n\nnvme_tcp_create_ctrl()\n nvme_tcp_alloc_ctrl() new=true ... Alloc nvme_tcp_ctrl and admin_tag_set\n nvme_tcp_setup_ctrl() new=true\n nvme_tcp_configure_admin_queue() new=true ... Succeed\n nvme_alloc_admin_tag_set() ... Alloc the tag set for admin_tag_set\n nvme_stop_keep_alive()\n nvme_tcp_teardown_admin_queue() remove=false\n nvme_tcp_configure_admin_queue() new=false\n nvme_tcp_alloc_admin_queue() ... Fail, but do not call nvme_remove_admin_tag_set()\n nvme_uninit_ctrl()\n nvme_put_ctrl() ... Free up the nvme_tcp_ctrl and admin_tag_set\n\nThe first call of nvme_tcp_configure_admin_queue() succeeds with\nnew=true argument. The second call fails with new=false argument. This\nsecond call does not call nvme_remove_admin_tag_set() on failure, due to\nthe new=false argument. Then the admin tag set is not removed. However,\nnvme_tcp_create_ctrl() assumes that nvme_tcp_setup_ctrl() would call\nnvme_remove_admin_tag_set(). Then it frees up struct nvme_tcp_ctrl which\nhas admin_tag_set field. Later on, the timeout handler accesses the\nadmin_tag_set field and causes the BUG KASAN slab-use-after-free.\n\nTo not leave the admin tag set, call nvme_remove_admin_tag_set() when\nthe second nvme_tcp_configure_admin_queue() call fails. Do not return\nfrom nvme_tcp_setup_ctrl() on failure. Instead, jump to \"destroy_admin\"\ngo-to label to call nvme_tcp_teardown_admin_queue() which calls\nnvme_remove_admin_tag_set().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38209",
"url": "https://www.suse.com/security/cve/CVE-2025-38209"
},
{
"category": "external",
"summary": "SUSE Bug 1246022 for CVE-2025-38209",
"url": "https://bugzilla.suse.com/1246022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38209"
},
{
"cve": "CVE-2025-38211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\n\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id\u0027s last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\n\n BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\n Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\n\n CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n Workqueue: 0x0 (iw_cm_wq)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6a/0x90\n print_report+0x174/0x554\n ? __virt_addr_valid+0x208/0x430\n ? __pwq_activate_work+0x1ff/0x250\n kasan_report+0xae/0x170\n ? __pwq_activate_work+0x1ff/0x250\n __pwq_activate_work+0x1ff/0x250\n pwq_dec_nr_in_flight+0x8c5/0xfb0\n process_one_work+0xc11/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5ef/0xfd0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x3b0/0x770\n ? __pfx_kthread+0x10/0x10\n ? rcu_is_watching+0x11/0xb0\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 147416:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n alloc_work_entries+0xa9/0x260 [iw_cm]\n iw_cm_connect+0x23/0x4a0 [iw_cm]\n rdma_connect_locked+0xbfd/0x1920 [rdma_cm]\n nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\n cma_cm_event_handler+0xae/0x320 [rdma_cm]\n cma_work_handler+0x106/0x1b0 [rdma_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 147091:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kfree+0x13a/0x4b0\n dealloc_work_entries+0x125/0x1f0 [iw_cm]\n iwcm_deref_id+0x6f/0xa0 [iw_cm]\n cm_work_handler+0x136/0x1ba0 [iw_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x2c/0x50\n kasan_record_aux_stack+0xa3/0xb0\n __queue_work+0x2ff/0x1390\n queue_work_on+0x67/0xc0\n cm_event_handler+0x46a/0x820 [iw_cm]\n siw_cm_upcall+0x330/0x650 [siw]\n siw_cm_work_handler+0x6b9/0x2b20 [siw]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\n\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38211",
"url": "https://www.suse.com/security/cve/CVE-2025-38211"
},
{
"category": "external",
"summary": "SUSE Bug 1246008 for CVE-2025-38211",
"url": "https://bugzilla.suse.com/1246008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38211"
},
{
"cve": "CVE-2025-38213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38213"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38213",
"url": "https://www.suse.com/security/cve/CVE-2025-38213"
},
{
"category": "external",
"summary": "SUSE Bug 1246037 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "external",
"summary": "SUSE Bug 1246039 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38213"
},
{
"cve": "CVE-2025-38214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38214",
"url": "https://www.suse.com/security/cve/CVE-2025-38214"
},
{
"category": "external",
"summary": "SUSE Bug 1246042 for CVE-2025-38214",
"url": "https://bugzilla.suse.com/1246042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38214"
},
{
"cve": "CVE-2025-38215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nEven though fbcon_init() checks beforehand if fb_match_mode() in\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\ndoes not return error code. Considering this and the comment in the code\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\nbetter to prevent registering the fb_info if its mode was not set\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38215",
"url": "https://www.suse.com/security/cve/CVE-2025-38215"
},
{
"category": "external",
"summary": "SUSE Bug 1246109 for CVE-2025-38215",
"url": "https://bugzilla.suse.com/1246109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38215"
},
{
"cve": "CVE-2025-38216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38216"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Restore context entry setup order for aliased devices\n\nCommit 2031c469f816 (\"iommu/vt-d: Add support for static identity domain\")\nchanged the context entry setup during domain attachment from a\nset-and-check policy to a clear-and-reset approach. This inadvertently\nintroduced a regression affecting PCI aliased devices behind PCIe-to-PCI\nbridges.\n\nSpecifically, keyboard and touchpad stopped working on several Apple\nMacbooks with below messages:\n\n kernel: platform pxa2xx-spi.3: Adding to iommu group 20\n kernel: input: Apple SPI Keyboard as\n /devices/pci0000:00/0000:00:1e.3/pxa2xx-spi.3/spi_master/spi2/spi-APP000D:00/input/input0\n kernel: DMAR: DRHD: handling fault status reg 3\n kernel: DMAR: [DMA Read NO_PASID] Request device [00:1e.3] fault addr\n 0xffffa000 [fault reason 0x06] PTE Read access is not set\n kernel: DMAR: DRHD: handling fault status reg 3\n kernel: DMAR: [DMA Read NO_PASID] Request device [00:1e.3] fault addr\n 0xffffa000 [fault reason 0x06] PTE Read access is not set\n kernel: applespi spi-APP000D:00: Error writing to device: 01 0e 00 00\n kernel: DMAR: DRHD: handling fault status reg 3\n kernel: DMAR: [DMA Read NO_PASID] Request device [00:1e.3] fault addr\n 0xffffa000 [fault reason 0x06] PTE Read access is not set\n kernel: DMAR: DRHD: handling fault status reg 3\n kernel: applespi spi-APP000D:00: Error writing to device: 01 0e 00 00\n\nFix this by restoring the previous context setup order.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38216",
"url": "https://www.suse.com/security/cve/CVE-2025-38216"
},
{
"category": "external",
"summary": "SUSE Bug 1245963 for CVE-2025-38216",
"url": "https://bugzilla.suse.com/1245963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38216"
},
{
"cve": "CVE-2025-38217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ftsteutates) Fix TOCTOU race in fts_read()\n\nIn the fts_read() function, when handling hwmon_pwm_auto_channels_temp,\nthe code accesses the shared variable data-\u003efan_source[channel] twice\nwithout holding any locks. It is first checked against\nFTS_FAN_SOURCE_INVALID, and if the check passes, it is read again\nwhen used as an argument to the BIT() macro.\n\nThis creates a Time-of-Check to Time-of-Use (TOCTOU) race condition.\nAnother thread executing fts_update_device() can modify the value of\ndata-\u003efan_source[channel] between the check and its use. If the value\nis changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the\nBIT() macro will be called with a large shift value (BIT(255)).\nA bit shift by a value greater than or equal to the type width is\nundefined behavior and can lead to a crash or incorrect values being\nreturned to userspace.\n\nFix this by reading data-\u003efan_source[channel] into a local variable\nonce, eliminating the race condition. Additionally, add a bounds check\nto ensure the value is less than BITS_PER_LONG before passing it to\nthe BIT() macro, making the code more robust against undefined behavior.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38217",
"url": "https://www.suse.com/security/cve/CVE-2025-38217"
},
{
"category": "external",
"summary": "SUSE Bug 1246002 for CVE-2025-38217",
"url": "https://bugzilla.suse.com/1246002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38217"
},
{
"cve": "CVE-2025-38220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: only dirty folios when data journaling regular files\n\nfstest generic/388 occasionally reproduces a crash that looks as\nfollows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCall Trace:\n \u003cTASK\u003e\n ext4_block_zero_page_range+0x30c/0x380 [ext4]\n ext4_truncate+0x436/0x440 [ext4]\n ext4_process_orphan+0x5d/0x110 [ext4]\n ext4_orphan_cleanup+0x124/0x4f0 [ext4]\n ext4_fill_super+0x262d/0x3110 [ext4]\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x26/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4ed/0x6b0\n do_syscall_64+0x82/0x170\n ...\n\nThis occurs when processing a symlink inode from the orphan list. The\npartial block zeroing code in the truncate path calls\next4_dirty_journalled_data() -\u003e folio_mark_dirty(). The latter calls\nmapping-\u003ea_ops-\u003edirty_folio(), but symlink inodes are not assigned an\na_ops vector in ext4, hence the crash.\n\nTo avoid this problem, update the ext4_dirty_journalled_data() helper to\nonly mark the folio dirty on regular files (for which a_ops is\nassigned). This also matches the journaling logic in the ext4_symlink()\ncreation path, where ext4_handle_dirty_metadata() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38220",
"url": "https://www.suse.com/security/cve/CVE-2025-38220"
},
{
"category": "external",
"summary": "SUSE Bug 1245966 for CVE-2025-38220",
"url": "https://bugzilla.suse.com/1245966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38220"
},
{
"cve": "CVE-2025-38222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: inline: fix len overflow in ext4_prepare_inline_data\n\nWhen running the following code on an ext4 filesystem with inline_data\nfeature enabled, it will lead to the bug below.\n\n fd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\n ftruncate(fd, 30);\n pwrite(fd, \"a\", 1, (1UL \u003c\u003c 40) + 5UL);\n\nThat happens because write_begin will succeed as when\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\ninstead of 0x10000000006.\n\nThen, later when write_end is called, we hit:\n\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nat ext4_write_inline_data.\n\nFix it by using a loff_t type for the len parameter in\next4_prepare_inline_data instead of an unsigned int.\n\n[ 44.545164] ------------[ cut here ]------------\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b \u003c0f\u003e 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\n[ 44.546523] PKRU: 55555554\n[ 44.546523] Call Trace:\n[ 44.546523] \u003cTASK\u003e\n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\n[ 44.546523] generic_perform_write+0x17e/0x270\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\n[ 44.546523] vfs_write+0x2be/0x3e0\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\n[ 44.546523] do_syscall_64+0x6a/0xf0\n[ 44.546523] ? __wake_up+0x89/0xb0\n[ 44.546523] ? xas_find+0x72/0x1c0\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\n[ 44.546523] ? set_pte_range+0x1a6/0x270\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\n[ 44.546523] ? do_pte_missing+0x128/0xf70\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\n[ 44.546523] ? do_syscall_64+0x76/0xf0\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 44.546523] RIP: 0033:0x7f42999c6687\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38222",
"url": "https://www.suse.com/security/cve/CVE-2025-38222"
},
{
"category": "external",
"summary": "SUSE Bug 1245976 for CVE-2025-38222",
"url": "https://bugzilla.suse.com/1245976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38222"
},
{
"cve": "CVE-2025-38224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: kvaser_pciefd: refine error prone echo_skb_max handling logic\n\necho_skb_max should define the supported upper limit of echo_skb[]\nallocated inside the netdevice\u0027s priv. The corresponding size value\nprovided by this driver to alloc_candev() is KVASER_PCIEFD_CAN_TX_MAX_COUNT\nwhich is 17.\n\nBut later echo_skb_max is rounded up to the nearest power of two (for the\nmax case, that would be 32) and the tx/ack indices calculated further\nduring tx/rx may exceed the upper array boundary. Kasan reported this for\nthe ack case inside kvaser_pciefd_handle_ack_packet(), though the xmit\nfunction has actually caught the same thing earlier.\n\n BUG: KASAN: slab-out-of-bounds in kvaser_pciefd_handle_ack_packet+0x2d7/0x92a drivers/net/can/kvaser_pciefd.c:1528\n Read of size 8 at addr ffff888105e4f078 by task swapper/4/0\n\n CPU: 4 UID: 0 PID: 0 Comm: swapper/4 Not tainted 6.15.0 #12 PREEMPT(voluntary)\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl lib/dump_stack.c:122\n print_report mm/kasan/report.c:521\n kasan_report mm/kasan/report.c:634\n kvaser_pciefd_handle_ack_packet drivers/net/can/kvaser_pciefd.c:1528\n kvaser_pciefd_read_packet drivers/net/can/kvaser_pciefd.c:1605\n kvaser_pciefd_read_buffer drivers/net/can/kvaser_pciefd.c:1656\n kvaser_pciefd_receive_irq drivers/net/can/kvaser_pciefd.c:1684\n kvaser_pciefd_irq_handler drivers/net/can/kvaser_pciefd.c:1733\n __handle_irq_event_percpu kernel/irq/handle.c:158\n handle_irq_event kernel/irq/handle.c:210\n handle_edge_irq kernel/irq/chip.c:833\n __common_interrupt arch/x86/kernel/irq.c:296\n common_interrupt arch/x86/kernel/irq.c:286\n \u003c/IRQ\u003e\n\nTx max count definitely matters for kvaser_pciefd_tx_avail(), but for seq\nnumbers\u0027 generation that\u0027s not the case - we\u0027re free to calculate them as\nwould be more convenient, not taking tx max count into account. The only\ndownside is that the size of echo_skb[] should correspond to the max seq\nnumber (not tx max count), so in some situations a bit more memory would\nbe consumed than could be.\n\nThus make the size of the underlying echo_skb[] sufficient for the rounded\nmax tx value.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38224",
"url": "https://www.suse.com/security/cve/CVE-2025-38224"
},
{
"category": "external",
"summary": "SUSE Bug 1246166 for CVE-2025-38224",
"url": "https://bugzilla.suse.com/1246166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38224"
},
{
"cve": "CVE-2025-38225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38225",
"url": "https://www.suse.com/security/cve/CVE-2025-38225"
},
{
"category": "external",
"summary": "SUSE Bug 1246041 for CVE-2025-38225",
"url": "https://bugzilla.suse.com/1246041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38225"
},
{
"cve": "CVE-2025-38226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vivid: Change the siize of the composing\n\nsyzkaller found a bug:\n\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\nWrite of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304\n\nCPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\n tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\n vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline]\n vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629\n vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767\n kthread+0x7a9/0x920 kernel/kthread.c:464\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe composition size cannot be larger than the size of fmt_cap_rect.\nSo execute v4l2_rect_map_inside() even if has_compose_cap == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38226",
"url": "https://www.suse.com/security/cve/CVE-2025-38226"
},
{
"category": "external",
"summary": "SUSE Bug 1246050 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "external",
"summary": "SUSE Bug 1246051 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38226"
},
{
"cve": "CVE-2025-38227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Terminating the subsequent process of initialization failure\n\nsyzbot reported a slab-use-after-free Read in vidtv_mux_init. [1]\n\nAfter PSI initialization fails, the si member is accessed again, resulting\nin this uaf.\n\nAfter si initialization fails, the subsequent process needs to be exited.\n\n[1]\nBUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline]\nBUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nRead of size 8 at addr ffff88802fa42acc by task syz.2.37/6059\n\nCPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xc3/0x670 mm/kasan/report.c:521\nkasan_report+0xd9/0x110 mm/kasan/report.c:634\nvidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78\nvidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nvidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\nvidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\ndmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\ndvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\ndvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\ndvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\ndvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\ndvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n__fput+0x3ff/0xb70 fs/file_table.c:464\ntask_work_run+0x14e/0x250 kernel/task_work.c:227\nexit_task_work include/linux/task_work.h:40 [inline]\ndo_exit+0xad8/0x2d70 kernel/exit.c:938\ndo_group_exit+0xd3/0x2a0 kernel/exit.c:1087\n__do_sys_exit_group kernel/exit.c:1098 [inline]\n__se_sys_exit_group kernel/exit.c:1096 [inline]\n__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096\nx64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f871d58d169\nCode: Unable to access opcode bytes at 0x7f871d58d13f.\nRSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169\nRDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0\nR10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003\nR13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840\n \u003c/TASK\u003e\n\nAllocated by task 6059:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970\n vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423\n vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519\n vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\n vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\n dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\n dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\n dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\n dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3ff/0xb70 fs/file_tabl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38227",
"url": "https://www.suse.com/security/cve/CVE-2025-38227"
},
{
"category": "external",
"summary": "SUSE Bug 1246031 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "external",
"summary": "SUSE Bug 1246032 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38227"
},
{
"cve": "CVE-2025-38228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38228"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imagination: fix a potential memory leak in e5010_probe()\n\nAdd video_device_release() to release the memory allocated by\nvideo_device_alloc() if something goes wrong.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38228",
"url": "https://www.suse.com/security/cve/CVE-2025-38228"
},
{
"category": "external",
"summary": "SUSE Bug 1245814 for CVE-2025-38228",
"url": "https://bugzilla.suse.com/1245814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38228"
},
{
"cve": "CVE-2025-38229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cxusb: no longer judge rbuf when the write fails\n\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\n\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\n\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\n cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\n i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\n i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\n i2c_master_send include/linux/i2c.h:109 [inline]\n i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\n do_loop_readv_writev fs/read_write.c:848 [inline]\n vfs_writev+0x963/0x14e0 fs/read_write.c:1057\n do_writev+0x247/0x5c0 fs/read_write.c:1101\n __do_sys_writev fs/read_write.c:1169 [inline]\n __se_sys_writev fs/read_write.c:1166 [inline]\n __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\n x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38229",
"url": "https://www.suse.com/security/cve/CVE-2025-38229"
},
{
"category": "external",
"summary": "SUSE Bug 1246049 for CVE-2025-38229",
"url": "https://bugzilla.suse.com/1246049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38229"
},
{
"cve": "CVE-2025-38231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38231",
"url": "https://www.suse.com/security/cve/CVE-2025-38231"
},
{
"category": "external",
"summary": "SUSE Bug 1246055 for CVE-2025-38231",
"url": "https://bugzilla.suse.com/1246055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38231"
},
{
"cve": "CVE-2025-38232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix race between nfsd registration and exports_proc\n\nAs of now nfsd calls create_proc_exports_entry() at start of init_nfsd\nand cleanup by remove_proc_entry() at last of exit_nfsd.\n\nWhich causes kernel OOPs if there is race between below 2 operations:\n(i) exportfs -r\n(ii) mount -t nfsd none /proc/fs/nfsd\n\nfor 5.4 kernel ARM64:\n\nCPU 1:\nel1_irq+0xbc/0x180\narch_counter_get_cntvct+0x14/0x18\nrunning_clock+0xc/0x18\npreempt_count_add+0x88/0x110\nprep_new_page+0xb0/0x220\nget_page_from_freelist+0x2d8/0x1778\n__alloc_pages_nodemask+0x15c/0xef0\n__vmalloc_node_range+0x28c/0x478\n__vmalloc_node_flags_caller+0x8c/0xb0\nkvmalloc_node+0x88/0xe0\nnfsd_init_net+0x6c/0x108 [nfsd]\nops_init+0x44/0x170\nregister_pernet_operations+0x114/0x270\nregister_pernet_subsys+0x34/0x50\ninit_nfsd+0xa8/0x718 [nfsd]\ndo_one_initcall+0x54/0x2e0\n\nCPU 2 :\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n\nPC is at : exports_net_open+0x50/0x68 [nfsd]\n\nCall trace:\nexports_net_open+0x50/0x68 [nfsd]\nexports_proc_open+0x2c/0x38 [nfsd]\nproc_reg_open+0xb8/0x198\ndo_dentry_open+0x1c4/0x418\nvfs_open+0x38/0x48\npath_openat+0x28c/0xf18\ndo_filp_open+0x70/0xe8\ndo_sys_open+0x154/0x248\n\nSometimes it crashes at exports_net_open() and sometimes cache_seq_next_rcu().\n\nand same is happening on latest 6.14 kernel as well:\n\n[ 0.000000] Linux version 6.14.0-rc5-next-20250304-dirty\n...\n[ 285.455918] Unable to handle kernel paging request at virtual address 00001f4800001f48\n...\n[ 285.464902] pc : cache_seq_next_rcu+0x78/0xa4\n...\n[ 285.469695] Call trace:\n[ 285.470083] cache_seq_next_rcu+0x78/0xa4 (P)\n[ 285.470488] seq_read+0xe0/0x11c\n[ 285.470675] proc_reg_read+0x9c/0xf0\n[ 285.470874] vfs_read+0xc4/0x2fc\n[ 285.471057] ksys_read+0x6c/0xf4\n[ 285.471231] __arm64_sys_read+0x1c/0x28\n[ 285.471428] invoke_syscall+0x44/0x100\n[ 285.471633] el0_svc_common.constprop.0+0x40/0xe0\n[ 285.471870] do_el0_svc_compat+0x1c/0x34\n[ 285.472073] el0_svc_compat+0x2c/0x80\n[ 285.472265] el0t_32_sync_handler+0x90/0x140\n[ 285.472473] el0t_32_sync+0x19c/0x1a0\n[ 285.472887] Code: f9400885 93407c23 937d7c27 11000421 (f86378a3)\n[ 285.473422] ---[ end trace 0000000000000000 ]---\n\nIt reproduced simply with below script:\nwhile [ 1 ]\ndo\n/exportfs -r\ndone \u0026\n\nwhile [ 1 ]\ndo\ninsmod /nfsd.ko\nmount -t nfsd none /proc/fs/nfsd\numount /proc/fs/nfsd\nrmmod nfsd\ndone \u0026\n\nSo exporting interfaces to user space shall be done at last and\ncleanup at first place.\n\nWith change there is no Kernel OOPs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38232",
"url": "https://www.suse.com/security/cve/CVE-2025-38232"
},
{
"category": "external",
"summary": "SUSE Bug 1246054 for CVE-2025-38232",
"url": "https://bugzilla.suse.com/1246054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38232"
},
{
"cve": "CVE-2025-38233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc64/ftrace: fix clobbered r15 during livepatching\n\nWhile r15 is clobbered always with PPC_FTRACE_OUT_OF_LINE, it is\nnot restored in livepatch sequence leading to not so obvious fails\nlike below:\n\n BUG: Unable to handle kernel data access on write at 0xc0000000000f9078\n Faulting instruction address: 0xc0000000018ff958\n Oops: Kernel access of bad area, sig: 11 [#1]\n ...\n NIP: c0000000018ff958 LR: c0000000018ff930 CTR: c0000000009c0790\n REGS: c00000005f2e7790 TRAP: 0300 Tainted: G K (6.14.0+)\n MSR: 8000000000009033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 2822880b XER: 20040000\n CFAR: c0000000008addc0 DAR: c0000000000f9078 DSISR: 0a000000 IRQMASK: 1\n GPR00: c0000000018f2584 c00000005f2e7a30 c00000000280a900 c000000017ffa488\n GPR04: 0000000000000008 0000000000000000 c0000000018f24fc 000000000000000d\n GPR08: fffffffffffe0000 000000000000000d 0000000000000000 0000000000008000\n GPR12: c0000000009c0790 c000000017ffa480 c00000005f2e7c78 c0000000000f9070\n GPR16: c00000005f2e7c90 0000000000000000 0000000000000000 0000000000000000\n GPR20: 0000000000000000 c00000005f3efa80 c00000005f2e7c60 c00000005f2e7c88\n GPR24: c00000005f2e7c60 0000000000000001 c0000000000f9078 0000000000000000\n GPR28: 00007fff97960000 c000000017ffa480 0000000000000000 c0000000000f9078\n ...\n Call Trace:\n check_heap_object+0x34/0x390 (unreliable)\n __mutex_unlock_slowpath.isra.0+0xe4/0x230\n seq_read_iter+0x430/0xa90\n proc_reg_read_iter+0xa4/0x200\n vfs_read+0x41c/0x510\n ksys_read+0xa4/0x190\n system_call_exception+0x1d0/0x440\n system_call_vectored_common+0x15c/0x2ec\n\nFix it by restoring r15 always.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38233",
"url": "https://www.suse.com/security/cve/CVE-2025-38233"
},
{
"category": "external",
"summary": "SUSE Bug 1246053 for CVE-2025-38233",
"url": "https://bugzilla.suse.com/1246053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38233"
},
{
"cve": "CVE-2025-38234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38234"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/rt: Fix race in push_rt_task\n\nOverview\n========\nWhen a CPU chooses to call push_rt_task and picks a task to push to\nanother CPU\u0027s runqueue then it will call find_lock_lowest_rq method\nwhich would take a double lock on both CPUs\u0027 runqueues. If one of the\nlocks aren\u0027t readily available, it may lead to dropping the current\nrunqueue lock and reacquiring both the locks at once. During this window\nit is possible that the task is already migrated and is running on some\nother CPU. These cases are already handled. However, if the task is\nmigrated and has already been executed and another CPU is now trying to\nwake it up (ttwu) such that it is queued again on the runqeue\n(on_rq is 1) and also if the task was run by the same CPU, then the\ncurrent checks will pass even though the task was migrated out and is no\nlonger in the pushable tasks list.\n\nCrashes\n=======\nThis bug resulted in quite a few flavors of crashes triggering kernel\npanics with various crash signatures such as assert failures, page\nfaults, null pointer dereferences, and queue corruption errors all\ncoming from scheduler itself.\n\nSome of the crashes:\n-\u003e kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx \u003e= MAX_RT_PRIO)\n Call Trace:\n ? __die_body+0x1a/0x60\n ? die+0x2a/0x50\n ? do_trap+0x85/0x100\n ? pick_next_task_rt+0x6e/0x1d0\n ? do_error_trap+0x64/0xa0\n ? pick_next_task_rt+0x6e/0x1d0\n ? exc_invalid_op+0x4c/0x60\n ? pick_next_task_rt+0x6e/0x1d0\n ? asm_exc_invalid_op+0x12/0x20\n ? pick_next_task_rt+0x6e/0x1d0\n __schedule+0x5cb/0x790\n ? update_ts_time_stats+0x55/0x70\n schedule_idle+0x1e/0x40\n do_idle+0x15e/0x200\n cpu_startup_entry+0x19/0x20\n start_secondary+0x117/0x160\n secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: kernel NULL pointer dereference, address: 00000000000000c0\n Call Trace:\n ? __die_body+0x1a/0x60\n ? no_context+0x183/0x350\n ? __warn+0x8a/0xe0\n ? exc_page_fault+0x3d6/0x520\n ? asm_exc_page_fault+0x1e/0x30\n ? pick_next_task_rt+0xb5/0x1d0\n ? pick_next_task_rt+0x8c/0x1d0\n __schedule+0x583/0x7e0\n ? update_ts_time_stats+0x55/0x70\n schedule_idle+0x1e/0x40\n do_idle+0x15e/0x200\n cpu_startup_entry+0x19/0x20\n start_secondary+0x117/0x160\n secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: unable to handle page fault for address: ffff9464daea5900\n kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq-\u003ecpu != task_cpu(p))\n\n-\u003e kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq-\u003enr_running)\n Call Trace:\n ? __die_body+0x1a/0x60\n ? die+0x2a/0x50\n ? do_trap+0x85/0x100\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? do_error_trap+0x64/0xa0\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? exc_invalid_op+0x4c/0x60\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? asm_exc_invalid_op+0x12/0x20\n ? dequeue_top_rt_rq+0xa2/0xb0\n dequeue_rt_entity+0x1f/0x70\n dequeue_task_rt+0x2d/0x70\n __schedule+0x1a8/0x7e0\n ? blk_finish_plug+0x25/0x40\n schedule+0x3c/0xb0\n futex_wait_queue_me+0xb6/0x120\n futex_wait+0xd9/0x240\n do_futex+0x344/0xa90\n ? get_mm_exe_file+0x30/0x60\n ? audit_exe_compare+0x58/0x70\n ? audit_filter_rules.constprop.26+0x65e/0x1220\n __x64_sys_futex+0x148/0x1f0\n do_syscall_64+0x30/0x80\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\n\n-\u003e BUG: unable to handle page fault for address: ffff8cf3608bc2c0\n Call Trace:\n ? __die_body+0x1a/0x60\n ? no_context+0x183/0x350\n ? spurious_kernel_fault+0x171/0x1c0\n ? exc_page_fault+0x3b6/0x520\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? asm_exc_page_fault+0x1e/0x30\n ? _cond_resched+0x15/0x30\n ? futex_wait_queue_me+0xc8/0x120\n ? futex_wait+0xd9/0x240\n ? try_to_wake_up+0x1b8/0x490\n ? futex_wake+0x78/0x160\n ? do_futex+0xcd/0xa90\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? plist_del+0x6a/0xd0\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? dequeue_pushable_task+0x20/0x70\n ? __schedule+0x382/0x7e0\n ? asm_sysvec_reschedule_i\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38234",
"url": "https://www.suse.com/security/cve/CVE-2025-38234"
},
{
"category": "external",
"summary": "SUSE Bug 1246057 for CVE-2025-38234",
"url": "https://bugzilla.suse.com/1246057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38234"
},
{
"cve": "CVE-2025-38242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38242"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: userfaultfd: fix race of userfaultfd_move and swap cache\n\nThis commit fixes two kinds of races, they may have different results:\n\nBarry reported a BUG_ON in commit c50f8e6053b0, we may see the same\nBUG_ON if the filemap lookup returned NULL and folio is added to swap\ncache after that.\n\nIf another kind of race is triggered (folio changed after lookup) we\nmay see RSS counter is corrupted:\n\n[ 406.893936] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0\ntype:MM_ANONPAGES val:-1\n[ 406.894071] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0\ntype:MM_SHMEMPAGES val:1\n\nBecause the folio is being accounted to the wrong VMA.\n\nI\u0027m not sure if there will be any data corruption though, seems no. \nThe issues above are critical already.\n\n\nOn seeing a swap entry PTE, userfaultfd_move does a lockless swap cache\nlookup, and tries to move the found folio to the faulting vma. Currently,\nit relies on checking the PTE value to ensure that the moved folio still\nbelongs to the src swap entry and that no new folio has been added to the\nswap cache, which turns out to be unreliable.\n\nWhile working and reviewing the swap table series with Barry, following\nexisting races are observed and reproduced [1]:\n\nIn the example below, move_pages_pte is moving src_pte to dst_pte, where\nsrc_pte is a swap entry PTE holding swap entry S1, and S1 is not in the\nswap cache:\n\nCPU1 CPU2\nuserfaultfd_move\n move_pages_pte()\n entry = pte_to_swp_entry(orig_src_pte);\n // Here it got entry = S1\n ... \u003c interrupted\u003e ...\n \u003cswapin src_pte, alloc and use folio A\u003e\n // folio A is a new allocated folio\n // and get installed into src_pte\n \u003cfrees swap entry S1\u003e\n // src_pte now points to folio A, S1\n // has swap count == 0, it can be freed\n // by folio_swap_swap or swap\n // allocator\u0027s reclaim.\n \u003ctry to swap out another folio B\u003e\n // folio B is a folio in another VMA.\n \u003cput folio B to swap cache using S1 \u003e\n // S1 is freed, folio B can use it\n // for swap out with no problem.\n ...\n folio = filemap_get_folio(S1)\n // Got folio B here !!!\n ... \u003c interrupted again\u003e ...\n \u003cswapin folio B and free S1\u003e\n // Now S1 is free to be used again.\n \u003cswapout src_pte \u0026 folio A using S1\u003e\n // Now src_pte is a swap entry PTE\n // holding S1 again.\n folio_trylock(folio)\n move_swap_pte\n double_pt_lock\n is_pte_pages_stable\n // Check passed because src_pte == S1\n folio_move_anon_rmap(...)\n // Moved invalid folio B here !!!\n\nThe race window is very short and requires multiple collisions of multiple\nrare events, so it\u0027s very unlikely to happen, but with a deliberately\nconstructed reproducer and increased time window, it can be reproduced\neasily.\n\nThis can be fixed by checking if the folio returned by filemap is the\nvalid swap cache folio after acquiring the folio lock.\n\nAnother similar race is possible: filemap_get_folio may return NULL, but\nfolio (A) could be swapped in and then swapped out again using the same\nswap entry after the lookup. In such a case, folio (A) may remain in the\nswap cache, so it must be moved too:\n\nCPU1 CPU2\nuserfaultfd_move\n move_pages_pte()\n entry = pte_to_swp_entry(orig_src_pte);\n // Here it got entry = S1, and S1 is not in swap cache\n folio = filemap_get\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38242",
"url": "https://www.suse.com/security/cve/CVE-2025-38242"
},
{
"category": "external",
"summary": "SUSE Bug 1246176 for CVE-2025-38242",
"url": "https://bugzilla.suse.com/1246176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38242"
},
{
"cve": "CVE-2025-38244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_setup_session+0x81/0x4b0\n cifs_get_smb_ses+0x771/0x900\n cifs_mount_get_session+0x7e/0x170\n cifs_mount+0x92/0x2d0\n cifs_smb3_do_mount+0x161/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_match_super+0x101/0x320\n sget+0xab/0x270\n cifs_smb3_do_mount+0x1e0/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #0 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}:\n check_noncircular+0x95/0xc0\n check_prev_add+0x115/0x2f0\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_signal_cifsd_for_reconnect+0x134/0x200\n __cifs_reconnect+0x8f/0x500\n cifs_handle_standard+0x112/0x280\n cifs_demultiplex_thread+0x64d/0xbc0\n kthread+0x2f7/0x310\n ret_from_fork+0x2a/0x230\n ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n \u0026tcp_ses-\u003esrv_lock --\u003e \u0026ret_buf-\u003eses_lock --\u003e \u0026ret_buf-\u003echan_lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026ret_buf-\u003eses_lock);\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026tcp_ses-\u003esrv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (\u0026cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38244",
"url": "https://www.suse.com/security/cve/CVE-2025-38244"
},
{
"category": "external",
"summary": "SUSE Bug 1246183 for CVE-2025-38244",
"url": "https://bugzilla.suse.com/1246183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38244"
},
{
"cve": "CVE-2025-38245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().\n\nsyzbot reported a warning below during atm_dev_register(). [0]\n\nBefore creating a new device and procfs/sysfs for it, atm_dev_register()\nlooks up a duplicated device by __atm_dev_lookup(). These operations are\ndone under atm_dev_mutex.\n\nHowever, when removing a device in atm_dev_deregister(), it releases the\nmutex just after removing the device from the list that __atm_dev_lookup()\niterates over.\n\nSo, there will be a small race window where the device does not exist on\nthe device list but procfs/sysfs are still not removed, triggering the\nsplat.\n\nLet\u0027s hold the mutex until procfs/sysfs are removed in\natm_dev_deregister().\n\n[0]:\nproc_dir_entry \u0027atm/atmtcp:0\u0027 already registered\nWARNING: CPU: 0 PID: 5919 at fs/proc/generic.c:377 proc_register+0x455/0x5f0 fs/proc/generic.c:377\nModules linked in:\nCPU: 0 UID: 0 PID: 5919 Comm: syz-executor284 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nRIP: 0010:proc_register+0x455/0x5f0 fs/proc/generic.c:377\nCode: 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 a2 01 00 00 48 8b 44 24 10 48 c7 c7 20 c0 c2 8b 48 8b b0 d8 00 00 00 e8 0c 02 1c ff 90 \u003c0f\u003e 0b 90 90 48 c7 c7 80 f2 82 8e e8 0b de 23 09 48 8b 4c 24 28 48\nRSP: 0018:ffffc9000466fa30 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae248\nRDX: ffff888026280000 RSI: ffffffff817ae255 RDI: 0000000000000001\nRBP: ffff8880232bed48 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: ffff888076ed2140\nR13: dffffc0000000000 R14: ffff888078a61340 R15: ffffed100edda444\nFS: 00007f38b3b0c6c0(0000) GS:ffff888124753000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f38b3bdf953 CR3: 0000000076d58000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n proc_create_data+0xbe/0x110 fs/proc/generic.c:585\n atm_proc_dev_register+0x112/0x1e0 net/atm/proc.c:361\n atm_dev_register+0x46d/0x890 net/atm/resources.c:113\n atmtcp_create+0x77/0x210 drivers/atm/atmtcp.c:369\n atmtcp_attach drivers/atm/atmtcp.c:403 [inline]\n atmtcp_ioctl+0x2f9/0xd60 drivers/atm/atmtcp.c:464\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x115/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f38b3b74459\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f38b3b0c198 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f38b3bfe318 RCX: 00007f38b3b74459\nRDX: 0000000000000000 RSI: 0000000000006180 RDI: 0000000000000005\nRBP: 00007f38b3bfe310 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f38b3bcb0ac\nR13: 00007f38b3b0c1a0 R14: 0000200000000200 R15: 00007f38b3bcb03b\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38245",
"url": "https://www.suse.com/security/cve/CVE-2025-38245"
},
{
"category": "external",
"summary": "SUSE Bug 1246193 for CVE-2025-38245",
"url": "https://bugzilla.suse.com/1246193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38245"
},
{
"cve": "CVE-2025-38246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: properly flush XDP redirect lists\n\nWe encountered following crash when testing a XDP_REDIRECT feature\nin production:\n\n[56251.579676] list_add corruption. next-\u003eprev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd\n40f30).\n[56251.601413] ------------[ cut here ]------------\n[56251.611357] kernel BUG at lib/list_debug.c:29!\n[56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[56251.632073] CPU: 111 UID: 0 PID: 0 Comm: swapper/111 Kdump: loaded Tainted: P O 6.12.33-cloudflare-2025.6.\n3 #1\n[56251.653155] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE\n[56251.663877] Hardware name: MiTAC GC68B-B8032-G11P6-GPU/S8032GM-HE-CFR, BIOS V7.020.B10-sig 01/22/2025\n[56251.682626] RIP: 0010:__list_add_valid_or_report+0x4b/0xa0\n[56251.693203] Code: 0e 48 c7 c7 68 e7 d9 97 e8 42 16 fe ff 0f 0b 48 8b 52 08 48 39 c2 74 14 48 89 f1 48 c7 c7 90 e7 d9 97 48\n 89 c6 e8 25 16 fe ff \u003c0f\u003e 0b 4c 8b 02 49 39 f0 74 14 48 89 d1 48 c7 c7 e8 e7 d9 97 4c 89\n[56251.725811] RSP: 0018:ffff93120dd40b80 EFLAGS: 00010246\n[56251.736094] RAX: 0000000000000075 RBX: ffffb301e6bba9d8 RCX: 0000000000000000\n[56251.748260] RDX: 0000000000000000 RSI: ffff9149afda0b80 RDI: ffff9149afda0b80\n[56251.760349] RBP: ffff9131e49c8000 R08: 0000000000000000 R09: ffff93120dd40a18\n[56251.772382] R10: ffff9159cf2ce1a8 R11: 0000000000000003 R12: ffff911a80850000\n[56251.784364] R13: ffff93120fbc7000 R14: 0000000000000010 R15: ffff9139e7510e40\n[56251.796278] FS: 0000000000000000(0000) GS:ffff9149afd80000(0000) knlGS:0000000000000000\n[56251.809133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[56251.819561] CR2: 00007f5e85e6f300 CR3: 00000038b85e2006 CR4: 0000000000770ef0\n[56251.831365] PKRU: 55555554\n[56251.838653] Call Trace:\n[56251.845560] \u003cIRQ\u003e\n[56251.851943] cpu_map_enqueue.cold+0x5/0xa\n[56251.860243] xdp_do_redirect+0x2d9/0x480\n[56251.868388] bnxt_rx_xdp+0x1d8/0x4c0 [bnxt_en]\n[56251.877028] bnxt_rx_pkt+0x5f7/0x19b0 [bnxt_en]\n[56251.885665] ? cpu_max_write+0x1e/0x100\n[56251.893510] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.902276] __bnxt_poll_work+0x190/0x340 [bnxt_en]\n[56251.911058] bnxt_poll+0xab/0x1b0 [bnxt_en]\n[56251.919041] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.927568] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.935958] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.944250] __napi_poll+0x2b/0x160\n[56251.951155] bpf_trampoline_6442548651+0x79/0x123\n[56251.959262] __napi_poll+0x5/0x160\n[56251.966037] net_rx_action+0x3d2/0x880\n[56251.973133] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.981265] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.989262] ? __hrtimer_run_queues+0x162/0x2a0\n[56251.996967] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.004875] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.012673] ? bnxt_msix+0x62/0x70 [bnxt_en]\n[56252.019903] handle_softirqs+0xcf/0x270\n[56252.026650] irq_exit_rcu+0x67/0x90\n[56252.032933] common_interrupt+0x85/0xa0\n[56252.039498] \u003c/IRQ\u003e\n[56252.044246] \u003cTASK\u003e\n[56252.048935] asm_common_interrupt+0x26/0x40\n[56252.055727] RIP: 0010:cpuidle_enter_state+0xb8/0x420\n[56252.063305] Code: dc 01 00 00 e8 f9 79 3b ff e8 64 f7 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 a5 32 3a ff 45 84 ff 0f 85 ae\n 01 00 00 fb 45 85 f6 \u003c0f\u003e 88 88 01 00 00 48 8b 04 24 49 63 ce 4c 89 ea 48 6b f1 68 48 29\n[56252.088911] RSP: 0018:ffff93120c97fe98 EFLAGS: 00000202\n[56252.096912] RAX: ffff9149afd80000 RBX: ffff9141d3a72800 RCX: 0000000000000000\n[56252.106844] RDX: 00003329176c6b98 RSI: ffffffe36db3fdc7 RDI: 0000000000000000\n[56252.116733] RBP: 0000000000000002 R08: 0000000000000002 R09: 000000000000004e\n[56252.126652] R10: ffff9149afdb30c4 R11: 071c71c71c71c71c R12: ffffffff985ff860\n[56252.136637] R13: 00003329176c6b98 R14: 0000000000000002 R15: 0000000000000000\n[56252.146667] ? cpuidle_enter_state+0xab/0x420\n[56252.153909] cpuidle_enter+0x2d/0x40\n[56252.160360] do_idle+0x176/0x1c0\n[56252.166456\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38246",
"url": "https://www.suse.com/security/cve/CVE-2025-38246"
},
{
"category": "external",
"summary": "SUSE Bug 1246195 for CVE-2025-38246",
"url": "https://bugzilla.suse.com/1246195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38246"
},
{
"cve": "CVE-2025-38249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\n\nIn snd_usb_get_audioformat_uac3(), the length value returned from\nsnd_usb_ctl_msg() is used directly for memory allocation without\nvalidation. This length is controlled by the USB device.\n\nThe allocated buffer is cast to a uac3_cluster_header_descriptor\nand its fields are accessed without verifying that the buffer\nis large enough. If the device returns a smaller than expected\nlength, this leads to an out-of-bounds read.\n\nAdd a length check to ensure the buffer is large enough for\nuac3_cluster_header_descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38249",
"url": "https://www.suse.com/security/cve/CVE-2025-38249"
},
{
"category": "external",
"summary": "SUSE Bug 1246171 for CVE-2025-38249",
"url": "https://bugzilla.suse.com/1246171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38249"
},
{
"cve": "CVE-2025-38251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: prevent NULL deref in clip_push()\n\nBlamed commit missed that vcc_destroy_socket() calls\nclip_push() with a NULL skb.\n\nIf clip_devs is NULL, clip_push() then crashes when reading\nskb-\u003etruesize.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38251",
"url": "https://www.suse.com/security/cve/CVE-2025-38251"
},
{
"category": "external",
"summary": "SUSE Bug 1246181 for CVE-2025-38251",
"url": "https://bugzilla.suse.com/1246181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38251"
},
{
"cve": "CVE-2025-38253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: wacom: fix crash in wacom_aes_battery_handler()\n\nCommit fd2a9b29dc9c (\"HID: wacom: Remove AES power_supply after extended\ninactivity\") introduced wacom_aes_battery_handler() which is scheduled\nas a delayed work (aes_battery_work).\n\nIn wacom_remove(), aes_battery_work is not canceled. Consequently, if\nthe device is removed while aes_battery_work is still pending, then hard\ncrashes or \"Oops: general protection fault...\" are experienced when\nwacom_aes_battery_handler() is finally called. E.g., this happens with\nbuilt-in USB devices after resume from hibernate when aes_battery_work\nwas still pending at the time of hibernation.\n\nSo, take care to cancel aes_battery_work in wacom_remove().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38253",
"url": "https://www.suse.com/security/cve/CVE-2025-38253"
},
{
"category": "external",
"summary": "SUSE Bug 1246192 for CVE-2025-38253",
"url": "https://bugzilla.suse.com/1246192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38253"
},
{
"cve": "CVE-2025-38255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/group_cpus: fix NULL pointer dereference from group_cpus_evenly()\n\nWhile testing null_blk with configfs, echo 0 \u003e poll_queues will trigger\nfollowing panic:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 27 UID: 0 PID: 920 Comm: bash Not tainted 6.15.0-02023-gadbdb95c8696-dirty #1238 PREEMPT(undef)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\nRIP: 0010:__bitmap_or+0x48/0x70\nCall Trace:\n \u003cTASK\u003e\n __group_cpus_evenly+0x822/0x8c0\n group_cpus_evenly+0x2d9/0x490\n blk_mq_map_queues+0x1e/0x110\n null_map_queues+0xc9/0x170 [null_blk]\n blk_mq_update_queue_map+0xdb/0x160\n blk_mq_update_nr_hw_queues+0x22b/0x560\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_poll_queues_store+0xa4/0x130 [null_blk]\n configfs_write_iter+0x109/0x1d0\n vfs_write+0x26e/0x6f0\n ksys_write+0x79/0x180\n __x64_sys_write+0x1d/0x30\n x64_sys_call+0x45c4/0x45f0\n do_syscall_64+0xa5/0x240\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nRoot cause is that numgrps is set to 0, and ZERO_SIZE_PTR is returned from\nkcalloc(), and later ZERO_SIZE_PTR will be deferenced.\n\nFix the problem by checking numgrps first in group_cpus_evenly(), and\nreturn NULL directly if numgrps is zero.\n\n[yukuai3@huawei.com: also fix the non-SMP version]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38255",
"url": "https://www.suse.com/security/cve/CVE-2025-38255"
},
{
"category": "external",
"summary": "SUSE Bug 1246190 for CVE-2025-38255",
"url": "https://bugzilla.suse.com/1246190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38255"
},
{
"cve": "CVE-2025-38256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38256"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: fix folio unpinning\n\nsyzbot complains about an unmapping failure:\n\n[ 108.070381][ T14] kernel BUG at mm/gup.c:71!\n[ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 108.123672][ T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025\n[ 108.127458][ T14] Workqueue: iou_exit io_ring_exit_work\n[ 108.174205][ T14] Call trace:\n[ 108.175649][ T14] sanity_check_pinned_pages+0x7cc/0x7d0 (P)\n[ 108.178138][ T14] unpin_user_page+0x80/0x10c\n[ 108.180189][ T14] io_release_ubuf+0x84/0xf8\n[ 108.182196][ T14] io_free_rsrc_node+0x250/0x57c\n[ 108.184345][ T14] io_rsrc_data_free+0x148/0x298\n[ 108.186493][ T14] io_sqe_buffers_unregister+0x84/0xa0\n[ 108.188991][ T14] io_ring_ctx_free+0x48/0x480\n[ 108.191057][ T14] io_ring_exit_work+0x764/0x7d8\n[ 108.193207][ T14] process_one_work+0x7e8/0x155c\n[ 108.195431][ T14] worker_thread+0x958/0xed8\n[ 108.197561][ T14] kthread+0x5fc/0x75c\n[ 108.199362][ T14] ret_from_fork+0x10/0x20\n\nWe can pin a tail page of a folio, but then io_uring will try to unpin\nthe head page of the folio. While it should be fine in terms of keeping\nthe page actually alive, mm folks say it\u0027s wrong and triggers a debug\nwarning. Use unpin_user_folio() instead of unpin_user_page*.\n\n[axboe: adapt to current tree, massage commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38256",
"url": "https://www.suse.com/security/cve/CVE-2025-38256"
},
{
"category": "external",
"summary": "SUSE Bug 1246188 for CVE-2025-38256",
"url": "https://bugzilla.suse.com/1246188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38256"
},
{
"cve": "CVE-2025-38257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38257",
"url": "https://www.suse.com/security/cve/CVE-2025-38257"
},
{
"category": "external",
"summary": "SUSE Bug 1246186 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "external",
"summary": "SUSE Bug 1246189 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38257"
},
{
"cve": "CVE-2025-38258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter-\u003ememcg_path on write\n\nmemcg_path_store() assigns a newly allocated memory buffer to\nfilter-\u003ememcg_path, without deallocating the previously allocated and\nassigned memory buffer. As a result, users can leak kernel memory by\ncontinuously writing a data to memcg_path DAMOS sysfs file. Fix the leak\nby deallocating the previously set memory buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38258",
"url": "https://www.suse.com/security/cve/CVE-2025-38258"
},
{
"category": "external",
"summary": "SUSE Bug 1246185 for CVE-2025-38258",
"url": "https://bugzilla.suse.com/1246185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38258"
},
{
"cve": "CVE-2025-38259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback). This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38259",
"url": "https://www.suse.com/security/cve/CVE-2025-38259"
},
{
"category": "external",
"summary": "SUSE Bug 1246220 for CVE-2025-38259",
"url": "https://bugzilla.suse.com/1246220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38259"
},
{
"cve": "CVE-2025-38263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38263"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: fix NULL pointer in cache_set_flush()\n\n1. LINE#1794 - LINE#1887 is some codes about function of\n bch_cache_set_alloc().\n2. LINE#2078 - LINE#2142 is some codes about function of\n register_cache_set().\n3. register_cache_set() will call bch_cache_set_alloc() in LINE#2098.\n\n 1794 struct cache_set *bch_cache_set_alloc(struct cache_sb *sb)\n 1795 {\n ...\n 1860 if (!(c-\u003edevices = kcalloc(c-\u003enr_uuids, sizeof(void *), GFP_KERNEL)) ||\n 1861 mempool_init_slab_pool(\u0026c-\u003esearch, 32, bch_search_cache) ||\n 1862 mempool_init_kmalloc_pool(\u0026c-\u003ebio_meta, 2,\n 1863 sizeof(struct bbio) + sizeof(struct bio_vec) *\n 1864 bucket_pages(c)) ||\n 1865 mempool_init_kmalloc_pool(\u0026c-\u003efill_iter, 1, iter_size) ||\n 1866 bioset_init(\u0026c-\u003ebio_split, 4, offsetof(struct bbio, bio),\n 1867 BIOSET_NEED_BVECS|BIOSET_NEED_RESCUER) ||\n 1868 !(c-\u003euuids = alloc_bucket_pages(GFP_KERNEL, c)) ||\n 1869 !(c-\u003emoving_gc_wq = alloc_workqueue(\"bcache_gc\",\n 1870 WQ_MEM_RECLAIM, 0)) ||\n 1871 bch_journal_alloc(c) ||\n 1872 bch_btree_cache_alloc(c) ||\n 1873 bch_open_buckets_alloc(c) ||\n 1874 bch_bset_sort_state_init(\u0026c-\u003esort, ilog2(c-\u003ebtree_pages)))\n 1875 goto err;\n ^^^^^^^^\n 1876\n ...\n 1883 return c;\n 1884 err:\n 1885 bch_cache_set_unregister(c);\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n 1886 return NULL;\n 1887 }\n ...\n 2078 static const char *register_cache_set(struct cache *ca)\n 2079 {\n ...\n 2098 c = bch_cache_set_alloc(\u0026ca-\u003esb);\n 2099 if (!c)\n 2100 return err;\n ^^^^^^^^^^\n ...\n 2128 ca-\u003eset = c;\n 2129 ca-\u003eset-\u003ecache[ca-\u003esb.nr_this_dev] = ca;\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n ...\n 2138 return NULL;\n 2139 err:\n 2140 bch_cache_set_unregister(c);\n 2141 return err;\n 2142 }\n\n(1) If LINE#1860 - LINE#1874 is true, then do \u0027goto err\u0027(LINE#1875) and\n call bch_cache_set_unregister()(LINE#1885).\n(2) As (1) return NULL(LINE#1886), LINE#2098 - LINE#2100 would return.\n(3) As (2) has returned, LINE#2128 - LINE#2129 would do *not* give the\n value to c-\u003ecache[], it means that c-\u003ecache[] is NULL.\n\nLINE#1624 - LINE#1665 is some codes about function of cache_set_flush().\nAs (1), in LINE#1885 call\nbch_cache_set_unregister()\n---\u003e bch_cache_set_stop()\n ---\u003e closure_queue()\n -.-\u003e cache_set_flush() (as below LINE#1624)\n\n 1624 static void cache_set_flush(struct closure *cl)\n 1625 {\n ...\n 1654 for_each_cache(ca, c, i)\n 1655 if (ca-\u003ealloc_thread)\n ^^\n 1656 kthread_stop(ca-\u003ealloc_thread);\n ...\n 1665 }\n\n(4) In LINE#1655 ca is NULL(see (3)) in cache_set_flush() then the\n kernel crash occurred as below:\n[ 846.712887] bcache: register_cache() error drbd6: cannot allocate memory\n[ 846.713242] bcache: register_bcache() error : failed to register device\n[ 846.713336] bcache: cache_set_free() Cache set 2f84bdc1-498a-4f2f-98a7-01946bf54287 unregistered\n[ 846.713768] BUG: unable to handle kernel NULL pointer dereference at 00000000000009f8\n[ 846.714790] PGD 0 P4D 0\n[ 846.715129] Oops: 0000 [#1] SMP PTI\n[ 846.715472] CPU: 19 PID: 5057 Comm: kworker/19:16 Kdump: loaded Tainted: G OE --------- - - 4.18.0-147.5.1.el8_1.5es.3.x86_64 #1\n[ 846.716082] Hardware name: ESPAN GI-25212/X11DPL-i, BIOS 2.1 06/15/2018\n[ 846.716451] Workqueue: events cache_set_flush [bcache]\n[ 846.716808] RIP: 0010:cache_set_flush+0xc9/0x1b0 [bcache]\n[ 846.717155] Code: 00 4c 89 a5 b0 03 00 00 48 8b 85 68 f6 ff ff a8 08 0f 84 88 00 00 00 31 db 66 83 bd 3c f7 ff ff 00 48 8b 85 48 ff ff ff 74 28 \u003c48\u003e 8b b8 f8 09 00 0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38263",
"url": "https://www.suse.com/security/cve/CVE-2025-38263"
},
{
"category": "external",
"summary": "SUSE Bug 1246248 for CVE-2025-38263",
"url": "https://bugzilla.suse.com/1246248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38263"
},
{
"cve": "CVE-2025-38265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38265"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: jsm: fix NPE during jsm_uart_port_init\n\nNo device was set which caused serial_base_ctrl_add to crash.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000050\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1\n RIP: 0010:serial_base_ctrl_add+0x96/0x120\n Call Trace:\n \u003cTASK\u003e\n serial_core_register_port+0x1a0/0x580\n ? __setup_irq+0x39c/0x660\n ? __kmalloc_cache_noprof+0x111/0x310\n jsm_uart_port_init+0xe8/0x180 [jsm]\n jsm_probe_one+0x1f4/0x410 [jsm]\n local_pci_probe+0x42/0x90\n pci_device_probe+0x22f/0x270\n really_probe+0xdb/0x340\n ? pm_runtime_barrier+0x54/0x90\n ? __pfx___driver_attach+0x10/0x10\n __driver_probe_device+0x78/0x110\n driver_probe_device+0x1f/0xa0\n __driver_attach+0xba/0x1c0\n bus_for_each_dev+0x8c/0xe0\n bus_add_driver+0x112/0x1f0\n driver_register+0x72/0xd0\n jsm_init_module+0x36/0xff0 [jsm]\n ? __pfx_jsm_init_module+0x10/0x10 [jsm]\n do_one_initcall+0x58/0x310\n do_init_module+0x60/0x230\n\nTested with Digi Neo PCIe 8 port card.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38265",
"url": "https://www.suse.com/security/cve/CVE-2025-38265"
},
{
"category": "external",
"summary": "SUSE Bug 1246244 for CVE-2025-38265",
"url": "https://bugzilla.suse.com/1246244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38265"
},
{
"cve": "CVE-2025-38267",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38267"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not trigger WARN_ON() due to a commit_overrun\n\nWhen reading a memory mapped buffer the reader page is just swapped out\nwith the last page written in the write buffer. If the reader page is the\nsame as the commit buffer (the buffer that is currently being written to)\nit was assumed that it should never have missed events. If it does, it\ntriggers a WARN_ON_ONCE().\n\nBut there just happens to be one scenario where this can legitimately\nhappen. That is on a commit_overrun. A commit overrun is when an interrupt\npreempts an event being written to the buffer and then the interrupt adds\nso many new events that it fills and wraps the buffer back to the commit.\nAny new events would then be dropped and be reported as \"missed_events\".\n\nIn this case, the next page to read is the commit buffer and after the\nswap of the reader page, the reader page will be the commit buffer, but\nthis time there will be missed events and this triggers the following\nwarning:\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 1127 at kernel/trace/ring_buffer.c:7357 ring_buffer_map_get_reader+0x49a/0x780\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 2 UID: 0 PID: 1127 Comm: trace-cmd Not tainted 6.15.0-rc7-test-00004-g478bc2824b45-dirty #564 PREEMPT\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:ring_buffer_map_get_reader+0x49a/0x780\n Code: 00 00 00 48 89 fe 48 c1 ee 03 80 3c 2e 00 0f 85 ec 01 00 00 4d 3b a6 a8 00 00 00 0f 85 8a fd ff ff 48 85 c0 0f 84 55 fe ff ff \u003c0f\u003e 0b e9 4e fe ff ff be 08 00 00 00 4c 89 54 24 58 48 89 54 24 50\n RSP: 0018:ffff888121787dc0 EFLAGS: 00010002\n RAX: 00000000000006a2 RBX: ffff888100062800 RCX: ffffffff8190cb49\n RDX: ffff888126934c00 RSI: 1ffff11020200a15 RDI: ffff8881010050a8\n RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed1024d26982\n R10: ffff888126934c17 R11: ffff8881010050a8 R12: ffff888126934c00\n R13: ffff8881010050b8 R14: ffff888101005000 R15: ffff888126930008\n FS: 00007f95c8cd7540(0000) GS:ffff8882b576e000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f95c8de4dc0 CR3: 0000000128452002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __pfx_ring_buffer_map_get_reader+0x10/0x10\n tracing_buffers_ioctl+0x283/0x370\n __x64_sys_ioctl+0x134/0x190\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f95c8de48db\n Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 \u003c89\u003e c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00\n RSP: 002b:00007ffe037ba110 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 00007ffe037bb2b0 RCX: 00007f95c8de48db\n RDX: 0000000000000000 RSI: 0000000000005220 RDI: 0000000000000006\n RBP: 00007ffe037ba180 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007ffe037bb6f8 R14: 00007f95c9065000 R15: 00005575c7492c90\n \u003c/TASK\u003e\n irq event stamp: 5080\n hardirqs last enabled at (5079): [\u003cffffffff83e0adb0\u003e] _raw_spin_unlock_irqrestore+0x50/0x70\n hardirqs last disabled at (5080): [\u003cffffffff83e0aa83\u003e] _raw_spin_lock_irqsave+0x63/0x70\n softirqs last enabled at (4182): [\u003cffffffff81516122\u003e] handle_softirqs+0x552/0x710\n softirqs last disabled at (4159): [\u003cffffffff815163f7\u003e] __irq_exit_rcu+0x107/0x210\n ---[ end trace 0000000000000000 ]---\n\nThe above was triggered by running on a kernel with both lockdep and KASAN\nas well as kmemleak enabled and executing the following command:\n\n # perf record -o perf-test.dat -a -- trace-cmd record --nosplice -e all -p function hackbench 50\n\nWith perf interjecting a lot of interrupts and trace-cmd enabling all\nevents as well as function tracing, with lockdep, KASAN and kmemleak\nenabled, it could cause an interrupt preempting an event being written to\nadd enough event\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38267",
"url": "https://www.suse.com/security/cve/CVE-2025-38267"
},
{
"category": "external",
"summary": "SUSE Bug 1246245 for CVE-2025-38267",
"url": "https://bugzilla.suse.com/1246245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38267"
},
{
"cve": "CVE-2025-38268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work\n\nA state check was previously added to tcpm_queue_vdm_unlocked to\nprevent a deadlock where the DisplayPort Alt Mode driver would be\nexecuting work and attempting to grab the tcpm_lock while the TCPM\nwas holding the lock and attempting to unregister the altmode, blocking\non the altmode driver\u0027s cancel_work_sync call.\n\nBecause the state check isn\u0027t protected, there is a small window\nwhere the Alt Mode driver could determine that the TCPM is\nin a ready state and attempt to grab the lock while the\nTCPM grabs the lock and changes the TCPM state to one that\ncauses the deadlock. The callstack is provided below:\n\n[110121.667392][ C7] Call trace:\n[110121.667396][ C7] __switch_to+0x174/0x338\n[110121.667406][ C7] __schedule+0x608/0x9f0\n[110121.667414][ C7] schedule+0x7c/0xe8\n[110121.667423][ C7] kernfs_drain+0xb0/0x114\n[110121.667431][ C7] __kernfs_remove+0x16c/0x20c\n[110121.667436][ C7] kernfs_remove_by_name_ns+0x74/0xe8\n[110121.667442][ C7] sysfs_remove_group+0x84/0xe8\n[110121.667450][ C7] sysfs_remove_groups+0x34/0x58\n[110121.667458][ C7] device_remove_groups+0x10/0x20\n[110121.667464][ C7] device_release_driver_internal+0x164/0x2e4\n[110121.667475][ C7] device_release_driver+0x18/0x28\n[110121.667484][ C7] bus_remove_device+0xec/0x118\n[110121.667491][ C7] device_del+0x1e8/0x4ac\n[110121.667498][ C7] device_unregister+0x18/0x38\n[110121.667504][ C7] typec_unregister_altmode+0x30/0x44\n[110121.667515][ C7] tcpm_reset_port+0xac/0x370\n[110121.667523][ C7] tcpm_snk_detach+0x84/0xb8\n[110121.667529][ C7] run_state_machine+0x4c0/0x1b68\n[110121.667536][ C7] tcpm_state_machine_work+0x94/0xe4\n[110121.667544][ C7] kthread_worker_fn+0x10c/0x244\n[110121.667552][ C7] kthread+0x104/0x1d4\n[110121.667557][ C7] ret_from_fork+0x10/0x20\n\n[110121.667689][ C7] Workqueue: events dp_altmode_work\n[110121.667697][ C7] Call trace:\n[110121.667701][ C7] __switch_to+0x174/0x338\n[110121.667710][ C7] __schedule+0x608/0x9f0\n[110121.667717][ C7] schedule+0x7c/0xe8\n[110121.667725][ C7] schedule_preempt_disabled+0x24/0x40\n[110121.667733][ C7] __mutex_lock+0x408/0xdac\n[110121.667741][ C7] __mutex_lock_slowpath+0x14/0x24\n[110121.667748][ C7] mutex_lock+0x40/0xec\n[110121.667757][ C7] tcpm_altmode_enter+0x78/0xb4\n[110121.667764][ C7] typec_altmode_enter+0xdc/0x10c\n[110121.667769][ C7] dp_altmode_work+0x68/0x164\n[110121.667775][ C7] process_one_work+0x1e4/0x43c\n[110121.667783][ C7] worker_thread+0x25c/0x430\n[110121.667789][ C7] kthread+0x104/0x1d4\n[110121.667794][ C7] ret_from_fork+0x10/0x20\n\nChange tcpm_queue_vdm_unlocked to queue for tcpm_queue_vdm_work,\nwhich can perform the state check while holding the TCPM lock\nwhile the Alt Mode lock is no longer held. This requires a new\nstruct to hold the vdm data, altmode_vdm_event.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38268",
"url": "https://www.suse.com/security/cve/CVE-2025-38268"
},
{
"category": "external",
"summary": "SUSE Bug 1246385 for CVE-2025-38268",
"url": "https://bugzilla.suse.com/1246385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38268"
},
{
"cve": "CVE-2025-38270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: drv: netdevsim: don\u0027t napi_complete() from netpoll\n\nnetdevsim supports netpoll. Make sure we don\u0027t call napi_complete()\nfrom it, since it may not be scheduled. Breno reports hitting a\nwarning in napi_complete_done():\n\nWARNING: CPU: 14 PID: 104 at net/core/dev.c:6592 napi_complete_done+0x2cc/0x560\n __napi_poll+0x2d8/0x3a0\n handle_softirqs+0x1fe/0x710\n\nThis is presumably after netpoll stole the SCHED bit prematurely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38270",
"url": "https://www.suse.com/security/cve/CVE-2025-38270"
},
{
"category": "external",
"summary": "SUSE Bug 1246252 for CVE-2025-38270",
"url": "https://bugzilla.suse.com/1246252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38270"
},
{
"cve": "CVE-2025-38272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38272",
"url": "https://www.suse.com/security/cve/CVE-2025-38272"
},
{
"category": "external",
"summary": "SUSE Bug 1246268 for CVE-2025-38272",
"url": "https://bugzilla.suse.com/1246268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38272"
},
{
"cve": "CVE-2025-38273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tipc: fix refcount warning in tipc_aead_encrypt\n\nsyzbot reported a refcount warning [1] caused by calling get_net() on\na network namespace that is being destroyed (refcount=0). This happens\nwhen a TIPC discovery timer fires during network namespace cleanup.\n\nThe recently added get_net() call in commit e279024617134 (\"net/tipc:\nfix slab-use-after-free Read in tipc_aead_encrypt_done\") attempts to\nhold a reference to the network namespace. However, if the namespace\nis already being destroyed, its refcount might be zero, leading to the\nuse-after-free warning.\n\nReplace get_net() with maybe_get_net(), which safely checks if the\nrefcount is non-zero before incrementing it. If the namespace is being\ndestroyed, return -ENODEV early, after releasing the bearer reference.\n\n[1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38273",
"url": "https://www.suse.com/security/cve/CVE-2025-38273"
},
{
"category": "external",
"summary": "SUSE Bug 1246266 for CVE-2025-38273",
"url": "https://bugzilla.suse.com/1246266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38273"
},
{
"cve": "CVE-2025-38274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()\n\nfpga_mgr_test_img_load_sgt() allocates memory for sgt using\nkunit_kzalloc() however it does not check if the allocation failed.\nIt then passes sgt to sg_alloc_table(), which passes it to\n__sg_alloc_table(). This function calls memset() on sgt in an attempt to\nzero it out. If the allocation fails then sgt will be NULL and the\nmemset will trigger a NULL pointer dereference.\n\nFix this by checking the allocation with KUNIT_ASSERT_NOT_ERR_OR_NULL().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38274",
"url": "https://www.suse.com/security/cve/CVE-2025-38274"
},
{
"category": "external",
"summary": "SUSE Bug 1246234 for CVE-2025-38274",
"url": "https://bugzilla.suse.com/1246234"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38274"
},
{
"cve": "CVE-2025-38275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38275",
"url": "https://www.suse.com/security/cve/CVE-2025-38275"
},
{
"category": "external",
"summary": "SUSE Bug 1246236 for CVE-2025-38275",
"url": "https://bugzilla.suse.com/1246236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38275"
},
{
"cve": "CVE-2025-38277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: nand: ecc-mxic: Fix use of uninitialized variable ret\n\nIf ctx-\u003esteps is zero, the loop processing ECC steps is skipped,\nand the variable ret remains uninitialized. It is later checked\nand returned, which leads to undefined behavior and may cause\nunpredictable results in user space or kernel crashes.\n\nThis scenario can be triggered in edge cases such as misconfigured\ngeometry, ECC engine misuse, or if ctx-\u003esteps is not validated\nafter initialization.\n\nInitialize ret to zero before the loop to ensure correct and safe\nbehavior regardless of the ctx-\u003esteps value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38277",
"url": "https://www.suse.com/security/cve/CVE-2025-38277"
},
{
"category": "external",
"summary": "SUSE Bug 1246246 for CVE-2025-38277",
"url": "https://bugzilla.suse.com/1246246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38277"
},
{
"cve": "CVE-2025-38278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback\n\nThis patch addresses below issues,\n\n1. Active traffic on the leaf node must be stopped before its send queue\n is reassigned to the parent. This patch resolves the issue by marking\n the node as \u0027Inner\u0027.\n\n2. During a system reboot, the interface receives TC_HTB_LEAF_DEL\n and TC_HTB_LEAF_DEL_LAST callbacks to delete its HTB queues.\n In the case of TC_HTB_LEAF_DEL_LAST, although the same send queue\n is reassigned to the parent, the current logic still attempts to update\n the real number of queues, leadning to below warnings\n\n New queues can\u0027t be registered after device unregistration.\n WARNING: CPU: 0 PID: 6475 at net/core/net-sysfs.c:1714\n netdev_queue_update_kobjects+0x1e4/0x200",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38278",
"url": "https://www.suse.com/security/cve/CVE-2025-38278"
},
{
"category": "external",
"summary": "SUSE Bug 1246255 for CVE-2025-38278",
"url": "https://bugzilla.suse.com/1246255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38278"
},
{
"cve": "CVE-2025-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: at91: Fix possible out-of-boundary access\n\nat91_gpio_probe() doesn\u0027t check that given OF alias is not available or\nsomething went wrong when trying to get it. This might have consequences\nwhen accessing gpio_chips array with that value as an index. Note, that\nBUG() can be compiled out and hence won\u0027t actually perform the required\nchecks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38286",
"url": "https://www.suse.com/security/cve/CVE-2025-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1246283 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "external",
"summary": "SUSE Bug 1246284 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38286"
},
{
"cve": "CVE-2025-38287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/cm: Drop lockdep assert and WARN when freeing old msg\n\nThe send completion handler can run after cm_id has advanced to another\nmessage. The cm_id lock is not needed in this case, but a recent change\nre-used cm_free_priv_msg(), which asserts that the lock is held and\nWARNs if the cm_id\u0027s currently outstanding msg is different than the one\nbeing freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38287",
"url": "https://www.suse.com/security/cve/CVE-2025-38287"
},
{
"category": "external",
"summary": "SUSE Bug 1246285 for CVE-2025-38287",
"url": "https://bugzilla.suse.com/1246285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38287"
},
{
"cve": "CVE-2025-38288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels\n\nCorrect kernel call trace when calling smp_processor_id() when called in\npreemptible kernels by using raw_smp_processor_id().\n\nsmp_processor_id() checks to see if preemption is disabled and if not,\nissue an error message followed by a call to dump_stack().\n\nBrief example of call trace:\nkernel: check_preemption_disabled: 436 callbacks suppressed\nkernel: BUG: using smp_processor_id() in preemptible [00000000]\n code: kworker/u1025:0/2354\nkernel: caller is pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: CPU: 129 PID: 2354 Comm: kworker/u1025:0\nkernel: ...\nkernel: Workqueue: writeback wb_workfn (flush-253:0)\nkernel: Call Trace:\nkernel: \u003cTASK\u003e\nkernel: dump_stack_lvl+0x34/0x48\nkernel: check_preemption_disabled+0xdd/0xe0\nkernel: pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38288",
"url": "https://www.suse.com/security/cve/CVE-2025-38288"
},
{
"category": "external",
"summary": "SUSE Bug 1246286 for CVE-2025-38288",
"url": "https://bugzilla.suse.com/1246286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38288"
},
{
"cve": "CVE-2025-38289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38289",
"url": "https://www.suse.com/security/cve/CVE-2025-38289"
},
{
"category": "external",
"summary": "SUSE Bug 1246287 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "external",
"summary": "SUSE Bug 1246288 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38289"
},
{
"cve": "CVE-2025-38290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath12k_core_halt() only reinitializes\nthe \"arvifs\" list head. This will cause the list node immediately following\nthe list head to become an invalid list node. Because the prev of that node\nstill points to the list head \"arvifs\", but the next of the list head\n\"arvifs\" no longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif removal, and it\nhappens before the spin_lock_bh(\u0026ar-\u003edata_lock) in\nath12k_mac_vdev_delete(), list_del() will detect the previously mentioned\nsituation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the list head\n\"arvifs\" during WLAN halt. The reinitialization is to make the list nodes\nvalid, ensuring that the list_del() in ath12k_mac_vdev_delete() can execute\nnormally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xd4/0x100 (P)\nath12k_mac_remove_link_interface.isra.0+0xf8/0x2e4 [ath12k]\nath12k_scan_vdev_clean_work+0x40/0x164 [ath12k]\ncfg80211_wiphy_work+0xfc/0x100\nprocess_one_work+0x164/0x2d0\nworker_thread+0x254/0x380\nkthread+0xfc/0x100\nret_from_fork+0x10/0x20\n\nThe change is mostly copied from the ath11k patch:\nhttps://lore.kernel.org/all/20250320053145.3445187-1-quic_stonez@quicinc.com/\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38290",
"url": "https://www.suse.com/security/cve/CVE-2025-38290"
},
{
"category": "external",
"summary": "SUSE Bug 1246293 for CVE-2025-38290",
"url": "https://bugzilla.suse.com/1246293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38290"
},
{
"cve": "CVE-2025-38291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Prevent sending WMI commands to firmware during firmware crash\n\nCurrently, we encounter the following kernel call trace when a firmware\ncrash occurs. This happens because the host sends WMI commands to the\nfirmware while it is in recovery, causing the commands to fail and\nresulting in the kernel call trace.\n\nSet the ATH12K_FLAG_CRASH_FLUSH and ATH12K_FLAG_RECOVERY flags when the\nhost driver receives the firmware crash notification from MHI. This\nprevents sending WMI commands to the firmware during recovery.\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x75/0xc0\n register_lock_class+0x6be/0x7a0\n ? __lock_acquire+0x644/0x19a0\n __lock_acquire+0x95/0x19a0\n lock_acquire+0x265/0x310\n ? ath12k_ce_send+0xa2/0x210 [ath12k]\n ? find_held_lock+0x34/0xa0\n ? ath12k_ce_send+0x56/0x210 [ath12k]\n _raw_spin_lock_bh+0x33/0x70\n ? ath12k_ce_send+0xa2/0x210 [ath12k]\n ath12k_ce_send+0xa2/0x210 [ath12k]\n ath12k_htc_send+0x178/0x390 [ath12k]\n ath12k_wmi_cmd_send_nowait+0x76/0xa0 [ath12k]\n ath12k_wmi_cmd_send+0x62/0x190 [ath12k]\n ath12k_wmi_pdev_bss_chan_info_request+0x62/0xc0 [ath1\n ath12k_mac_op_get_survey+0x2be/0x310 [ath12k]\n ieee80211_dump_survey+0x99/0x240 [mac80211]\n nl80211_dump_survey+0xe7/0x470 [cfg80211]\n ? kmalloc_reserve+0x59/0xf0\n genl_dumpit+0x24/0x70\n netlink_dump+0x177/0x360\n __netlink_dump_start+0x206/0x280\n genl_family_rcv_msg_dumpit.isra.22+0x8a/0xe0\n ? genl_family_rcv_msg_attrs_parse.isra.23+0xe0/0xe0\n ? genl_op_lock.part.12+0x10/0x10\n ? genl_dumpit+0x70/0x70\n genl_rcv_msg+0x1d0/0x290\n ? nl80211_del_station+0x330/0x330 [cfg80211]\n ? genl_get_cmd_both+0x50/0x50\n netlink_rcv_skb+0x4f/0x100\n genl_rcv+0x1f/0x30\n netlink_unicast+0x1b6/0x260\n netlink_sendmsg+0x31a/0x450\n __sock_sendmsg+0xa8/0xb0\n ____sys_sendmsg+0x1e4/0x260\n ___sys_sendmsg+0x89/0xe0\n ? local_clock_noinstr+0xb/0xc0\n ? rcu_is_watching+0xd/0x40\n ? kfree+0x1de/0x370\n ? __sys_sendmsg+0x7a/0xc0\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38291",
"url": "https://www.suse.com/security/cve/CVE-2025-38291"
},
{
"category": "external",
"summary": "SUSE Bug 1246297 for CVE-2025-38291",
"url": "https://bugzilla.suse.com/1246297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38291"
},
{
"cve": "CVE-2025-38292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid access to memory\n\nIn ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean\nis_continuation is part of rxcb.\nCurrently, after freeing the skb, the rxcb-\u003eis_continuation accessed\nagain which is wrong since the memory is already freed.\nThis might lead use-after-free error.\n\nHence, fix by locally defining bool is_continuation from rxcb,\nso that after freeing skb, is_continuation can be used.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38292",
"url": "https://www.suse.com/security/cve/CVE-2025-38292"
},
{
"category": "external",
"summary": "SUSE Bug 1246295 for CVE-2025-38292",
"url": "https://bugzilla.suse.com/1246295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38292"
},
{
"cve": "CVE-2025-38293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath11k_core_halt() only\nreinitializes the \"arvifs\" list head. This will cause the\nlist node immediately following the list head to become an\ninvalid list node. Because the prev of that node still points\nto the list head \"arvifs\", but the next of the list head \"arvifs\"\nno longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif\nremoval, and it happens before the spin_lock_bh(\u0026ar-\u003edata_lock)\nin ath11k_mac_op_remove_interface(), list_del() will detect the\npreviously mentioned situation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the\nlist head \"arvifs\" during WLAN halt. The reinitialization is to make\nthe list nodes valid, ensuring that the list_del() in\nath11k_mac_op_remove_interface() can execute normally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xb8/0xd0\nath11k_mac_op_remove_interface+0xb0/0x27c [ath11k]\ndrv_remove_interface+0x48/0x194 [mac80211]\nieee80211_do_stop+0x6e0/0x844 [mac80211]\nieee80211_stop+0x44/0x17c [mac80211]\n__dev_close_many+0xac/0x150\n__dev_change_flags+0x194/0x234\ndev_change_flags+0x24/0x6c\ndevinet_ioctl+0x3a0/0x670\ninet_ioctl+0x200/0x248\nsock_do_ioctl+0x60/0x118\nsock_ioctl+0x274/0x35c\n__arm64_sys_ioctl+0xac/0xf0\ninvoke_syscall+0x48/0x114\n...\n\nTested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38293",
"url": "https://www.suse.com/security/cve/CVE-2025-38293"
},
{
"category": "external",
"summary": "SUSE Bug 1246292 for CVE-2025-38293",
"url": "https://bugzilla.suse.com/1246292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38293"
},
{
"cve": "CVE-2025-38299",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38299"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()\n\nETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY(),\nin the case the codec dai_name will be null.\n\nAvoid a crash if the device tree is not assigning a codec\nto these links.\n\n[ 1.179936] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 1.181065] Mem abort info:\n[ 1.181420] ESR = 0x0000000096000004\n[ 1.181892] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.182576] SET = 0, FnV = 0\n[ 1.182964] EA = 0, S1PTW = 0\n[ 1.183367] FSC = 0x04: level 0 translation fault\n[ 1.183983] Data abort info:\n[ 1.184406] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 1.185097] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.185766] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.186439] [0000000000000000] user address but active_mm is swapper\n[ 1.187239] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 1.188029] Modules linked in:\n[ 1.188420] CPU: 7 UID: 0 PID: 70 Comm: kworker/u32:1 Not tainted 6.14.0-rc4-next-20250226+ #85\n[ 1.189515] Hardware name: Radxa NIO 12L (DT)\n[ 1.190065] Workqueue: events_unbound deferred_probe_work_func\n[ 1.190808] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.191683] pc : __pi_strcmp+0x24/0x140\n[ 1.192170] lr : mt8195_mt6359_soc_card_probe+0x224/0x7b0\n[ 1.192854] sp : ffff800083473970\n[ 1.193271] x29: ffff800083473a10 x28: 0000000000001008 x27: 0000000000000002\n[ 1.194168] x26: ffff800082408960 x25: ffff800082417db0 x24: ffff800082417d88\n[ 1.195065] x23: 000000000000001e x22: ffff800082dbf480 x21: ffff800082dc07b8\n[ 1.195961] x20: 0000000000000000 x19: 0000000000000013 x18: 00000000ffffffff\n[ 1.196858] x17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000006\n[ 1.197755] x14: ffff800082407af0 x13: 6e6f69737265766e x12: 692d6b636f6c6374\n[ 1.198651] x11: 0000000000000002 x10: ffff80008240b920 x9 : 0000000000000018\n[ 1.199547] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000\n[ 1.200443] x5 : 0000000000000000 x4 : 8080808080000000 x3 : 303933383978616d\n[ 1.201339] x2 : 0000000000000000 x1 : ffff80008240b920 x0 : 0000000000000000\n[ 1.202236] Call trace:\n[ 1.202545] __pi_strcmp+0x24/0x140 (P)\n[ 1.203029] mtk_soundcard_common_probe+0x3bc/0x5b8\n[ 1.203644] platform_probe+0x70/0xe8\n[ 1.204106] really_probe+0xc8/0x3a0\n[ 1.204556] __driver_probe_device+0x84/0x160\n[ 1.205104] driver_probe_device+0x44/0x130\n[ 1.205630] __device_attach_driver+0xc4/0x170\n[ 1.206189] bus_for_each_drv+0x8c/0xf8\n[ 1.206672] __device_attach+0xa8/0x1c8\n[ 1.207155] device_initial_probe+0x1c/0x30\n[ 1.207681] bus_probe_device+0xb0/0xc0\n[ 1.208165] deferred_probe_work_func+0xa4/0x100\n[ 1.208747] process_one_work+0x158/0x3e0\n[ 1.209254] worker_thread+0x2c4/0x3e8\n[ 1.209727] kthread+0x134/0x1f0\n[ 1.210136] ret_from_fork+0x10/0x20\n[ 1.210589] Code: 54000401 b50002c6 d503201f f86a6803 (f8408402)\n[ 1.211355] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38299",
"url": "https://www.suse.com/security/cve/CVE-2025-38299"
},
{
"category": "external",
"summary": "SUSE Bug 1246290 for CVE-2025-38299",
"url": "https://bugzilla.suse.com/1246290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38299"
},
{
"cve": "CVE-2025-38300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()\n\nFix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare():\n\n1] If dma_map_sg() fails for areq-\u003edst, the device driver would try to free\n DMA memory it has not allocated in the first place. To fix this, on the\n \"theend_sgs\" error path, call dma unmap only if the corresponding dma\n map was successful.\n\n2] If the dma_map_single() call for the IV fails, the device driver would\n try to free an invalid DMA memory address on the \"theend_iv\" path:\n ------------[ cut here ]------------\n DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address\n WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90\n Modules linked in: skcipher_example(O+)\n CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT\n Tainted: [O]=OOT_MODULE\n Hardware name: OrangePi Zero2 (DT)\n pc : check_unmap+0x123c/0x1b90\n lr : check_unmap+0x123c/0x1b90\n ...\n Call trace:\n check_unmap+0x123c/0x1b90 (P)\n debug_dma_unmap_page+0xac/0xc0\n dma_unmap_page_attrs+0x1f4/0x5fc\n sun8i_ce_cipher_do_one+0x1bd4/0x1f40\n crypto_pump_work+0x334/0x6e0\n kthread_worker_fn+0x21c/0x438\n kthread+0x374/0x664\n ret_from_fork+0x10/0x20\n ---[ end trace 0000000000000000 ]---\n\nTo fix this, check for !dma_mapping_error() before calling\ndma_unmap_single() on the \"theend_iv\" path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38300",
"url": "https://www.suse.com/security/cve/CVE-2025-38300"
},
{
"category": "external",
"summary": "SUSE Bug 1246349 for CVE-2025-38300",
"url": "https://bugzilla.suse.com/1246349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38300"
},
{
"cve": "CVE-2025-38301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: zynqmp_nvmem: unbreak driver after cleanup\n\nCommit 29be47fcd6a0 (\"nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup\")\nchanged the driver to expect the device pointer to be passed as the\n\"context\", but in nvmem the context parameter comes from nvmem_config.priv\nwhich is never set - Leading to null pointer exceptions when the device is\naccessed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38301",
"url": "https://www.suse.com/security/cve/CVE-2025-38301"
},
{
"category": "external",
"summary": "SUSE Bug 1246351 for CVE-2025-38301",
"url": "https://bugzilla.suse.com/1246351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38301"
},
{
"cve": "CVE-2025-38302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work\n\nBios queued up in the zone write plug have already gone through all all\npreparation in the submit_bio path, including the freeze protection.\n\nSubmitting them through submit_bio_noacct_nocheck duplicates the work\nand can can cause deadlocks when freezing a queue with pending bio\nwrite plugs.\n\nGo straight to -\u003esubmit_bio or blk_mq_submit_bio to bypass the\nsuperfluous extra freeze protection and checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38302",
"url": "https://www.suse.com/security/cve/CVE-2025-38302"
},
{
"category": "external",
"summary": "SUSE Bug 1246353 for CVE-2025-38302",
"url": "https://bugzilla.suse.com/1246353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38302"
},
{
"cve": "CVE-2025-38303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38303",
"url": "https://www.suse.com/security/cve/CVE-2025-38303"
},
{
"category": "external",
"summary": "SUSE Bug 1246354 for CVE-2025-38303",
"url": "https://bugzilla.suse.com/1246354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38303"
},
{
"cve": "CVE-2025-38304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix NULL pointer deference on eir_get_service_data\n\nThe len parameter is considered optional so it can be NULL so it cannot\nbe used for skipping to next entry of EIR_SERVICE_DATA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38304",
"url": "https://www.suse.com/security/cve/CVE-2025-38304"
},
{
"category": "external",
"summary": "SUSE Bug 1246240 for CVE-2025-38304",
"url": "https://bugzilla.suse.com/1246240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38304"
},
{
"cve": "CVE-2025-38305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: remove ptp-\u003en_vclocks check logic in ptp_vclock_in_use()\n\nThere is no disagreement that we should check both ptp-\u003eis_virtual_clock\nand ptp-\u003en_vclocks to check if the ptp virtual clock is in use.\n\nHowever, when we acquire ptp-\u003en_vclocks_mux to read ptp-\u003en_vclocks in\nptp_vclock_in_use(), we observe a recursive lock in the call trace\nstarting from n_vclocks_store().\n\n============================================\nWARNING: possible recursive locking detected\n6.15.0-rc6 #1 Not tainted\n--------------------------------------------\nsyz.0.1540/13807 is trying to acquire lock:\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_vclock_in_use drivers/ptp/ptp_private.h:103 [inline]\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_clock_unregister+0x21/0x250 drivers/ptp/ptp_clock.c:415\n\nbut task is already holding lock:\nffff888030704868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n n_vclocks_store+0xf1/0x6d0 drivers/ptp/ptp_sysfs.c:215\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026ptp-\u003en_vclocks_mux);\n lock(\u0026ptp-\u003en_vclocks_mux);\n\n *** DEADLOCK ***\n....\n============================================\n\nThe best way to solve this is to remove the logic that checks\nptp-\u003en_vclocks in ptp_vclock_in_use().\n\nThe reason why this is appropriate is that any path that uses\nptp-\u003en_vclocks must unconditionally check if ptp-\u003en_vclocks is greater\nthan 0 before unregistering vclocks, and all functions are already\nwritten this way. And in the function that uses ptp-\u003en_vclocks, we\nalready get ptp-\u003en_vclocks_mux before unregistering vclocks.\n\nTherefore, we need to remove the redundant check for ptp-\u003en_vclocks in\nptp_vclock_in_use() to prevent recursive locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38305",
"url": "https://www.suse.com/security/cve/CVE-2025-38305"
},
{
"category": "external",
"summary": "SUSE Bug 1246358 for CVE-2025-38305",
"url": "https://bugzilla.suse.com/1246358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38305"
},
{
"cve": "CVE-2025-38306",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38306"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/fhandle.c: fix a race in call of has_locked_children()\n\nmay_decode_fh() is calling has_locked_children() while holding no locks.\nThat\u0027s an oopsable race...\n\nThe rest of the callers are safe since they are holding namespace_sem and\nare guaranteed a positive refcount on the mount in question.\n\nRename the current has_locked_children() to __has_locked_children(), make\nit static and switch the fs/namespace.c users to it.\n\nMake has_locked_children() a wrapper for __has_locked_children(), calling\nthe latter under read_seqlock_excl(\u0026mount_lock).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38306",
"url": "https://www.suse.com/security/cve/CVE-2025-38306"
},
{
"category": "external",
"summary": "SUSE Bug 1246366 for CVE-2025-38306",
"url": "https://bugzilla.suse.com/1246366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38306"
},
{
"cve": "CVE-2025-38307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Verify content returned by parse_int_array()\n\nThe first element of the returned array stores its length. If it is 0,\nany manipulation beyond the element at index 0 ends with null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38307",
"url": "https://www.suse.com/security/cve/CVE-2025-38307"
},
{
"category": "external",
"summary": "SUSE Bug 1246364 for CVE-2025-38307",
"url": "https://bugzilla.suse.com/1246364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38307"
},
{
"cve": "CVE-2025-38311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38311"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: get rid of the crit lock\n\nGet rid of the crit lock.\nThat frees us from the error prone logic of try_locks.\n\nThanks to netdev_lock() by Jakub it is now easy, and in most cases we were\nprotected by it already - replace crit lock by netdev lock when it was not\nthe case.\n\nLockdep reports that we should cancel the work under crit_lock [splat1],\nand that was the scheme we have mostly followed since [1] by Slawomir.\nBut when that is done we still got into deadlocks [splat2]. So instead\nwe should look at the bigger problem, namely \"weird locking/scheduling\"\nof the iavf. The first step to fix that is to remove the crit lock.\nI will followup with a -next series that simplifies scheduling/tasks.\n\nCancel the work without netdev lock (weird unlock+lock scheme),\nto fix the [splat2] (which would be totally ugly if we would kept\nthe crit lock).\n\nExtend protected part of iavf_watchdog_task() to include scheduling\nmore work.\n\nNote that the removed comment in iavf_reset_task() was misplaced,\nit belonged to inside of the removed if condition, so it\u0027s gone now.\n\n[splat1] - w/o this patch - The deadlock during VF removal:\n WARNING: possible circular locking dependency detected\n sh/3825 is trying to acquire lock:\n ((work_completion)(\u0026(\u0026adapter-\u003ewatchdog_task)-\u003ework)){+.+.}-{0:0}, at: start_flush_work+0x1a1/0x470\n but task is already holding lock:\n (\u0026adapter-\u003ecrit_lock){+.+.}-{4:4}, at: iavf_remove+0xd1/0x690 [iavf]\n which lock already depends on the new lock.\n\n[splat2] - when cancelling work under crit lock, w/o this series,\n\t see [2] for the band aid attempt\n WARNING: possible circular locking dependency detected\n sh/3550 is trying to acquire lock:\n ((wq_completion)iavf){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x26/0x90\n but task is already holding lock:\n (\u0026dev-\u003elock){+.+.}-{4:4}, at: iavf_remove+0xa6/0x6e0 [iavf]\n which lock already depends on the new lock.\n\n[1] fc2e6b3b132a (\"iavf: Rework mutexes for better synchronisation\")\n[2] https://github.com/pkitszel/linux/commit/52dddbfc2bb60294083f5711a158a",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38311",
"url": "https://www.suse.com/security/cve/CVE-2025-38311"
},
{
"category": "external",
"summary": "SUSE Bug 1246376 for CVE-2025-38311",
"url": "https://bugzilla.suse.com/1246376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38311"
},
{
"cve": "CVE-2025-38312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\n\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\navoid such overflow...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38312",
"url": "https://www.suse.com/security/cve/CVE-2025-38312"
},
{
"category": "external",
"summary": "SUSE Bug 1246386 for CVE-2025-38312",
"url": "https://bugzilla.suse.com/1246386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38312"
},
{
"cve": "CVE-2025-38313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix double-free on mc_dev\n\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\n\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\n\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\n\nWARNING: kfree(NULL) is safe and this check is probably not required\n+ if (mc_bus)\n+ kfree(mc_bus);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38313",
"url": "https://www.suse.com/security/cve/CVE-2025-38313"
},
{
"category": "external",
"summary": "SUSE Bug 1246342 for CVE-2025-38313",
"url": "https://bugzilla.suse.com/1246342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38313"
},
{
"cve": "CVE-2025-38315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: Check dsbr size from EFI variable\n\nSince the size of struct btintel_dsbr is already known, we can just\nstart there instead of querying the EFI variable size. If the final\nresult doesn\u0027t match what we expect also fail. This fixes a stack buffer\noverflow when the EFI variable is larger than struct btintel_dsbr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38315",
"url": "https://www.suse.com/security/cve/CVE-2025-38315"
},
{
"category": "external",
"summary": "SUSE Bug 1246333 for CVE-2025-38315",
"url": "https://bugzilla.suse.com/1246333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38315"
},
{
"cve": "CVE-2025-38317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix buffer overflow in debugfs\n\nIf the user tries to write more than 32 bytes then it results in memory\ncorruption. Fortunately, this is debugfs so it\u0027s limited to root users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38317",
"url": "https://www.suse.com/security/cve/CVE-2025-38317"
},
{
"category": "external",
"summary": "SUSE Bug 1246443 for CVE-2025-38317",
"url": "https://bugzilla.suse.com/1246443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38317"
},
{
"cve": "CVE-2025-38318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38318"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: arm-ni: Fix missing platform_set_drvdata()\n\nAdd missing platform_set_drvdata in arm_ni_probe(), otherwise\ncalling platform_get_drvdata() in remove returns NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38318",
"url": "https://www.suse.com/security/cve/CVE-2025-38318"
},
{
"category": "external",
"summary": "SUSE Bug 1246444 for CVE-2025-38318",
"url": "https://bugzilla.suse.com/1246444"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38318"
},
{
"cve": "CVE-2025-38319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table\n\nThe function atomctrl_initialize_mc_reg_table() and\natomctrl_initialize_mc_reg_table_v2_2() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table()\nfails to retrieve vram_info, it returns NULL which is later\ndereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38319",
"url": "https://www.suse.com/security/cve/CVE-2025-38319"
},
{
"category": "external",
"summary": "SUSE Bug 1246243 for CVE-2025-38319",
"url": "https://bugzilla.suse.com/1246243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38319"
},
{
"cve": "CVE-2025-38322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38322"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Fix crash in icl_update_topdown_event()\n\nThe perf_fuzzer found a hard-lockup crash on a RaptorLake machine:\n\n Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000\n CPU: 23 UID: 0 PID: 0 Comm: swapper/23\n Tainted: [W]=WARN\n Hardware name: Dell Inc. Precision 9660/0VJ762\n RIP: 0010:native_read_pmc+0x7/0x40\n Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ...\n RSP: 000:fffb03100273de8 EFLAGS: 00010046\n ....\n Call Trace:\n \u003cTASK\u003e\n icl_update_topdown_event+0x165/0x190\n ? ktime_get+0x38/0xd0\n intel_pmu_read_event+0xf9/0x210\n __perf_event_read+0xf9/0x210\n\nCPUs 16-23 are E-core CPUs that don\u0027t support the perf metrics feature.\nThe icl_update_topdown_event() should not be invoked on these CPUs.\n\nIt\u0027s a regression of commit:\n\n f9bdf1f95339 (\"perf/x86/intel: Avoid disable PMU if !cpuc-\u003eenabled in sample read\")\n\nThe bug introduced by that commit is that the is_topdown_event() function\nis mistakenly used to replace the is_topdown_count() call to check if the\ntopdown functions for the perf metrics feature should be invoked.\n\nFix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38322",
"url": "https://www.suse.com/security/cve/CVE-2025-38322"
},
{
"category": "external",
"summary": "SUSE Bug 1246447 for CVE-2025-38322",
"url": "https://bugzilla.suse.com/1246447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38322"
},
{
"cve": "CVE-2025-38323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: add lec_mutex\n\nsyzbot found its way in net/atm/lec.c, and found an error path\nin lecd_attach() could leave a dangling pointer in dev_lec[].\n\nAdd a mutex to protect dev_lecp[] uses from lecd_attach(),\nlec_vcc_attach() and lec_mcast_attach().\n\nFollowing patch will use this mutex for /proc/net/atm/lec.\n\nBUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline]\nBUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\nRead of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142\n\nCPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xcd/0x680 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n lecd_attach net/atm/lec.c:751 [inline]\n lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4328 [inline]\n __kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015\n alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711\n lecd_attach net/atm/lec.c:737 [inline]\n lane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x2b4/0x4d0 mm/slub.c:4842\n free_netdev+0x6c5/0x910 net/core/dev.c:11892\n lecd_attach net/atm/lec.c:744 [inline]\n lane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38323",
"url": "https://www.suse.com/security/cve/CVE-2025-38323"
},
{
"category": "external",
"summary": "SUSE Bug 1246473 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "external",
"summary": "SUSE Bug 1246525 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38323"
},
{
"cve": "CVE-2025-38326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: clean device rq_list in aoedev_downdev()\n\nAn aoe device\u0027s rq_list contains accepted block requests that are\nwaiting to be transmitted to the aoe target. This queue was added as\npart of the conversion to blk_mq. However, the queue was not cleaned out\nwhen an aoe device is downed which caused blk_mq_freeze_queue() to sleep\nindefinitely waiting for those requests to complete, causing a hang. This\nfix cleans out the queue before calling blk_mq_freeze_queue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38326",
"url": "https://www.suse.com/security/cve/CVE-2025-38326"
},
{
"category": "external",
"summary": "SUSE Bug 1246490 for CVE-2025-38326",
"url": "https://bugzilla.suse.com/1246490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38326"
},
{
"cve": "CVE-2025-38332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Use memcpy() for BIOS version\n\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\n\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\n\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38332",
"url": "https://www.suse.com/security/cve/CVE-2025-38332"
},
{
"category": "external",
"summary": "SUSE Bug 1246375 for CVE-2025-38332",
"url": "https://bugzilla.suse.com/1246375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38332"
},
{
"cve": "CVE-2025-38335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - fix a sleep while atomic with PREEMPT_RT\n\nWhen enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in\nhard irq context, but the input_event() takes a spin_lock, which isn\u0027t\nallowed there as it is converted to a rt_spin_lock().\n\n[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0\n...\n[ 4054.290195] __might_resched+0x13c/0x1f4\n[ 4054.290209] rt_spin_lock+0x54/0x11c\n[ 4054.290219] input_event+0x48/0x80\n[ 4054.290230] gpio_keys_irq_timer+0x4c/0x78\n[ 4054.290243] __hrtimer_run_queues+0x1a4/0x438\n[ 4054.290257] hrtimer_interrupt+0xe4/0x240\n[ 4054.290269] arch_timer_handler_phys+0x2c/0x44\n[ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c\n[ 4054.290297] handle_irq_desc+0x40/0x58\n[ 4054.290307] generic_handle_domain_irq+0x1c/0x28\n[ 4054.290316] gic_handle_irq+0x44/0xcc\n\nConsidering the gpio_keys_irq_isr() can run in any context, e.g. it can\nbe threaded, it seems there\u0027s no point in requesting the timer isr to\nrun in hard irq context.\n\nRelax the hrtimer not to use the hard context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38335",
"url": "https://www.suse.com/security/cve/CVE-2025-38335"
},
{
"category": "external",
"summary": "SUSE Bug 1246250 for CVE-2025-38335",
"url": "https://bugzilla.suse.com/1246250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38335"
},
{
"cve": "CVE-2025-38336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\n\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\n\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\n\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn\u0027t\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\n\nHDDs attached to the controller do not suffer from any DMA issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38336",
"url": "https://www.suse.com/security/cve/CVE-2025-38336"
},
{
"category": "external",
"summary": "SUSE Bug 1246370 for CVE-2025-38336",
"url": "https://bugzilla.suse.com/1246370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38336"
},
{
"cve": "CVE-2025-38337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()\n\nSince handle-\u003eh_transaction may be a NULL pointer, so we should change it\nto call is_handle_aborted(handle) first before dereferencing it.\n\nAnd the following data-race was reported in my fuzzer:\n\n==================================================================\nBUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata\n\nwrite to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1:\n jbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nread to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0:\n jbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nvalue changed: 0x00000000 -\u003e 0x00000001\n==================================================================\n\nThis issue is caused by missing data-race annotation for jh-\u003eb_modified.\nTherefore, the missing annotation needs to be added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38337",
"url": "https://www.suse.com/security/cve/CVE-2025-38337"
},
{
"category": "external",
"summary": "SUSE Bug 1246253 for CVE-2025-38337",
"url": "https://bugzilla.suse.com/1246253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38337"
},
{
"cve": "CVE-2025-38338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()\n\nSometimes, when a file was read while it was being truncated by\nanother NFS client, the kernel could deadlock because folio_unlock()\nwas called twice, and the second call would XOR back the `PG_locked`\nflag.\n\nMost of the time (depending on the timing of the truncation), nobody\nnotices the problem because folio_unlock() gets called three times,\nwhich flips `PG_locked` back off:\n\n 1. vfs_read, nfs_read_folio, ... nfs_read_add_folio,\n nfs_return_empty_folio\n 2. vfs_read, nfs_read_folio, ... netfs_read_collection,\n netfs_unlock_abandoned_read_pages\n 3. vfs_read, ... nfs_do_read_folio, nfs_read_add_folio,\n nfs_return_empty_folio\n\nThe problem is that nfs_read_add_folio() is not supposed to unlock the\nfolio if fscache is enabled, and a nfs_netfs_folio_unlock() check is\nmissing in nfs_return_empty_folio().\n\nRarely this leads to a warning in netfs_read_collection():\n\n ------------[ cut here ]------------\n R=0000031c: folio 10 is not locked\n WARNING: CPU: 0 PID: 29 at fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00\n [...]\n Workqueue: events_unbound netfs_read_collection_worker\n RIP: 0010:netfs_read_collection+0x7c0/0xf00\n [...]\n Call Trace:\n \u003cTASK\u003e\n netfs_read_collection_worker+0x67/0x80\n process_one_work+0x12e/0x2c0\n worker_thread+0x295/0x3a0\n\nMost of the time, however, processes just get stuck forever in\nfolio_wait_bit_common(), waiting for `PG_locked` to disappear, which\nnever happens because nobody is really holding the folio lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38338",
"url": "https://www.suse.com/security/cve/CVE-2025-38338"
},
{
"category": "external",
"summary": "SUSE Bug 1246258 for CVE-2025-38338",
"url": "https://bugzilla.suse.com/1246258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38338"
},
{
"cve": "CVE-2025-38339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38339"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/bpf: fix JIT code size calculation of bpf trampoline\n\narch_bpf_trampoline_size() provides JIT size of the BPF trampoline\nbefore the buffer for JIT\u0027ing it is allocated. The total number of\ninstructions emitted for BPF trampoline JIT code depends on where\nthe final image is located. So, the size arrived at with the dummy\npass in arch_bpf_trampoline_size() can vary from the actual size\nneeded in arch_prepare_bpf_trampoline(). When the instructions\naccounted in arch_bpf_trampoline_size() is less than the number of\ninstructions emitted during the actual JIT compile of the trampoline,\nthe below warning is produced:\n\n WARNING: CPU: 8 PID: 204190 at arch/powerpc/net/bpf_jit_comp.c:981 __arch_prepare_bpf_trampoline.isra.0+0xd2c/0xdcc\n\nwhich is:\n\n /* Make sure the trampoline generation logic doesn\u0027t overflow */\n if (image \u0026\u0026 WARN_ON_ONCE(\u0026image[ctx-\u003eidx] \u003e\n \t\t\t(u32 *)rw_image_end - BPF_INSN_SAFETY)) {\n\nSo, during the dummy pass, instead of providing some arbitrary image\nlocation, account for maximum possible instructions if and when there\nis a dependency with image location for JIT\u0027ing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38339",
"url": "https://www.suse.com/security/cve/CVE-2025-38339"
},
{
"category": "external",
"summary": "SUSE Bug 1246259 for CVE-2025-38339",
"url": "https://bugzilla.suse.com/1246259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38339"
},
{
"cve": "CVE-2025-38341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38341"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: fbnic: avoid double free when failing to DMA-map FW msg\n\nThe semantics are that caller of fbnic_mbx_map_msg() retains\nthe ownership of the message on error. All existing callers\ndutifully free the page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38341",
"url": "https://www.suse.com/security/cve/CVE-2025-38341"
},
{
"category": "external",
"summary": "SUSE Bug 1246260 for CVE-2025-38341",
"url": "https://bugzilla.suse.com/1246260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38341"
},
{
"cve": "CVE-2025-38342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoftware node: Correct a OOB check in software_node_get_reference_args()\n\nsoftware_node_get_reference_args() wants to get @index-th element, so\nthe property value requires at least \u0027(index + 1) * sizeof(*ref)\u0027 bytes\nbut that can not be guaranteed by current OOB check, and may cause OOB\nfor malformed property.\n\nFix by using as OOB check \u0027((index + 1) * sizeof(*ref) \u003e prop-\u003elength)\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38342",
"url": "https://www.suse.com/security/cve/CVE-2025-38342"
},
{
"category": "external",
"summary": "SUSE Bug 1246453 for CVE-2025-38342",
"url": "https://bugzilla.suse.com/1246453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38342"
},
{
"cve": "CVE-2025-38343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: drop fragments with multicast or broadcast RA\n\nIEEE 802.11 fragmentation can only be applied to unicast frames.\nTherefore, drop fragments with multicast or broadcast RA. This patch\naddresses vulnerabilities such as CVE-2020-26145.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38343",
"url": "https://www.suse.com/security/cve/CVE-2025-38343"
},
{
"category": "external",
"summary": "SUSE Bug 1246438 for CVE-2025-38343",
"url": "https://bugzilla.suse.com/1246438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38343"
},
{
"cve": "CVE-2025-38344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38344"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi parse and parseext cache leaks\n\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\n\nI\u0027m Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\n\nI have been doing a research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\n\nBoot log of ACPI cache leak is as follows:\n[ 0.352414] ACPI: Added _OSI(Module Device)\n[ 0.353182] ACPI: Added _OSI(Processor Device)\n[ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.356028] ACPI: Unable to start the ACPI Interpreter\n[ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #10\n[ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.361873] Call Trace:\n[ 0.362243] ? dump_stack+0x5c/0x81\n[ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.362944] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.363296] ? acpi_os_delete_cache+0xa/0x10\n[ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.364000] ? acpi_terminate+0xa/0x14\n[ 0.364000] ? acpi_init+0x2af/0x34f\n[ 0.364000] ? __class_create+0x4c/0x80\n[ 0.364000] ? video_setup+0x7f/0x7f\n[ 0.364000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.364000] ? do_one_initcall+0x4e/0x1a0\n[ 0.364000] ? kernel_init_freeable+0x189/0x20a\n[ 0.364000] ? rest_init+0xc0/0xc0\n[ 0.364000] ? kernel_init+0xa/0x100\n[ 0.364000] ? ret_from_fork+0x25/0x30\n\nI analyzed this memory leak in detail. I found that \"Acpi-State\" cache and\n\"Acpi-Parse\" cache were merged because the size of cache objects was same\nslab cache size.\n\nI finally found \"Acpi-Parse\" cache and \"Acpi-parse_ext\" cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\n\nReal ACPI cache leak point is as follows:\n[ 0.360101] ACPI: Added _OSI(Module Device)\n[ 0.360101] ACPI: Added _OSI(Processor Device)\n[ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.364016] ACPI: Unable to start the ACPI Interpreter\n[ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.372000] Call Trace:\n[ 0.372000] ? dump_stack+0x5c/0x81\n[ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b\n[ 0.372000] ? acpi_terminate+0xa/0x14\n[ 0.372000] ? acpi_init+0x2af/0x34f\n[ 0.372000] ? __class_create+0x4c/0x80\n[ 0.372000] ? video_setup+0x7f/0x7f\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? do_one_initcall+0x4e/0x1a0\n[ 0.372000] ? kernel_init_freeable+0x189/0x20a\n[ 0.372000] ? rest_init+0xc0/0xc0\n[ 0.372000] ? kernel_init+0xa/0x100\n[ 0.372000] ? ret_from_fork+0x25/0x30\n[ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.392000] Call Trace:\n[ 0.392000] ? dump_stack+0x5c/0x81\n[ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.392000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.392000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.392000] ? acpi_terminate+0xa/0x14\n[ 0.392000] ? acpi_init+0x2af/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38344",
"url": "https://www.suse.com/security/cve/CVE-2025-38344"
},
{
"category": "external",
"summary": "SUSE Bug 1246334 for CVE-2025-38344",
"url": "https://bugzilla.suse.com/1246334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38344"
},
{
"cve": "CVE-2025-38345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi operand cache leak in dswstate.c\n\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\n\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\n\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\n\nBoot log of ACPI operand cache leak is as follows:\n\u003e[ 0.585957] ACPI: Added _OSI(Module Device)\n\u003e[ 0.587218] ACPI: Added _OSI(Processor Device)\n\u003e[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n\u003e[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n\u003e[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n\u003e[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n\u003e[ 0.597858] ACPI: Unable to start the ACPI Interpreter\n\u003e[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n\u003e[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n\u003e[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n\u003e[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n\u003e[ 0.609177] Call Trace:\n\u003e[ 0.610063] ? dump_stack+0x5c/0x81\n\u003e[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0\n\u003e[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.613906] ? acpi_os_delete_cache+0xa/0x10\n\u003e[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b\n\u003e[ 0.619293] ? acpi_terminate+0xa/0x14\n\u003e[ 0.620394] ? acpi_init+0x2af/0x34f\n\u003e[ 0.621616] ? __class_create+0x4c/0x80\n\u003e[ 0.623412] ? video_setup+0x7f/0x7f\n\u003e[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.625861] ? do_one_initcall+0x4e/0x1a0\n\u003e[ 0.627513] ? kernel_init_freeable+0x19e/0x21f\n\u003e[ 0.628972] ? rest_init+0x80/0x80\n\u003e[ 0.630043] ? kernel_init+0xa/0x100\n\u003e[ 0.631084] ? ret_from_fork+0x25/0x30\n\u003e[ 0.633343] vgaarb: loaded\n\u003e[ 0.635036] EDAC MC: Ver: 3.0.0\n\u003e[ 0.638601] PCI: Probing PCI hardware\n\u003e[ 0.639833] PCI host bridge to bus 0000:00\n\u003e[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]\n\u003e ... Continue to boot and log is omitted ...\n\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state-\u003eoperand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\n\nThis cache leak causes a security threat because an old kernel (\u003c= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\n\nI made a patch to fix ACPI operand cache leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38345",
"url": "https://www.suse.com/security/cve/CVE-2025-38345"
},
{
"category": "external",
"summary": "SUSE Bug 1246337 for CVE-2025-38345",
"url": "https://bugzilla.suse.com/1246337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38345"
},
{
"cve": "CVE-2025-38348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38348"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()\n\nRobert Morris reported:\n\n|If a malicious USB device pretends to be an Intersil p54 wifi\n|interface and generates an eeprom_readback message with a large\n|eeprom-\u003ev1.len, p54_rx_eeprom_readback() will copy data from the\n|message beyond the end of priv-\u003eeeprom.\n|\n|static void p54_rx_eeprom_readback(struct p54_common *priv,\n| struct sk_buff *skb)\n|{\n| struct p54_hdr *hdr = (struct p54_hdr *) skb-\u003edata;\n| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr-\u003edata;\n|\n| if (priv-\u003efw_var \u003e= 0x509) {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev2.data,\n| le16_to_cpu(eeprom-\u003ev2.len));\n| } else {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev1.data,\n| le16_to_cpu(eeprom-\u003ev1.len));\n| }\n| [...]\n\nThe eeprom-\u003ev{1,2}.len is set by the driver in p54_download_eeprom().\nThe device is supposed to provide the same length back to the driver.\nBut yes, it\u0027s possible (like shown in the report) to alter the value\nto something that causes a crash/panic due to overrun.\n\nThis patch addresses the issue by adding the size to the common device\ncontext, so p54_rx_eeprom_readback no longer relies on possibly tampered\nvalues... That said, it also checks if the \"firmware\" altered the value\nand no longer copies them.\n\nThe one, small saving grace is: Before the driver tries to read the eeprom,\nit needs to upload \u003ea\u003c firmware. the vendor firmware has a proprietary\nlicense and as a reason, it is not present on most distributions by\ndefault.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38348",
"url": "https://www.suse.com/security/cve/CVE-2025-38348"
},
{
"category": "external",
"summary": "SUSE Bug 1246262 for CVE-2025-38348",
"url": "https://bugzilla.suse.com/1246262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38348"
},
{
"cve": "CVE-2025-38349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don\u0027t decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n mutex_unlock(\u0026ep-\u003emtx);\n\nafterwards. That\u0027s very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it\u0027s wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we\u0027re\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it\u0027s not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren\u0027t the\nlast one, we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the \u0027ep\u0027 as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn\u0027t need mutex protection (that\u0027s\nthe whole _point_ of refcounts: unlike mutexes, they are inherently\nabout object lifetimes).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38349",
"url": "https://www.suse.com/security/cve/CVE-2025-38349"
},
{
"category": "external",
"summary": "SUSE Bug 1246777 for CVE-2025-38349",
"url": "https://bugzilla.suse.com/1246777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38349"
},
{
"cve": "CVE-2025-38350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38350",
"url": "https://www.suse.com/security/cve/CVE-2025-38350"
},
{
"category": "external",
"summary": "SUSE Bug 1246781 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "external",
"summary": "SUSE Bug 1247043 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1247043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38351"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush\n\nIn KVM guests with Hyper-V hypercalls enabled, the hypercalls\nHVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX\nallow a guest to request invalidation of portions of a virtual TLB.\nFor this, the hypercall parameter includes a list of GVAs that are supposed\nto be invalidated.\n\nHowever, when non-canonical GVAs are passed, there is currently no\nfiltering in place and they are eventually passed to checked invocations of\nINVVPID on Intel / INVLPGA on AMD. While AMD\u0027s INVLPGA silently ignores\nnon-canonical addresses (effectively a no-op), Intel\u0027s INVVPID explicitly\nsignals VM-Fail and ultimately triggers the WARN_ONCE in invvpid_error():\n\n invvpid failed: ext=0x0 vpid=1 gva=0xaaaaaaaaaaaaa000\n WARNING: CPU: 6 PID: 326 at arch/x86/kvm/vmx/vmx.c:482\n invvpid_error+0x91/0xa0 [kvm_intel]\n Modules linked in: kvm_intel kvm 9pnet_virtio irqbypass fuse\n CPU: 6 UID: 0 PID: 326 Comm: kvm-vm Not tainted 6.15.0 #14 PREEMPT(voluntary)\n RIP: 0010:invvpid_error+0x91/0xa0 [kvm_intel]\n Call Trace:\n vmx_flush_tlb_gva+0x320/0x490 [kvm_intel]\n kvm_hv_vcpu_flush_tlb+0x24f/0x4f0 [kvm]\n kvm_arch_vcpu_ioctl_run+0x3013/0x5810 [kvm]\n\nHyper-V documents that invalid GVAs (those that are beyond a partition\u0027s\nGVA space) are to be ignored. While not completely clear whether this\nruling also applies to non-canonical GVAs, it is likely fine to make that\nassumption, and manual testing on Azure confirms \"real\" Hyper-V interprets\nthe specification in the same way.\n\nSkip non-canonical GVAs when processing the list of address to avoid\ntripping the INVVPID failure. Alternatively, KVM could filter out \"bad\"\nGVAs before inserting into the FIFO, but practically speaking the only\ndownside of pushing validation to the final processing is that doing so\nis suboptimal for the guest, and no well-behaved guest will request TLB\nflushes for non-canonical addresses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38351",
"url": "https://www.suse.com/security/cve/CVE-2025-38351"
},
{
"category": "external",
"summary": "SUSE Bug 1246782 for CVE-2025-38351",
"url": "https://bugzilla.suse.com/1246782"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38351"
},
{
"cve": "CVE-2025-38352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won\u0027t be\nable to detect timer-\u003eit.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk-\u003eexit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(\u0026tsk-\u003eposix_cputimers_work.work) will fail\nanyway in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38352",
"url": "https://www.suse.com/security/cve/CVE-2025-38352"
},
{
"category": "external",
"summary": "SUSE Bug 1246911 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "external",
"summary": "SUSE Bug 1249205 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1249205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38352"
},
{
"cve": "CVE-2025-38353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38353"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix taking invalid lock on wedge\n\nIf device wedges on e.g. GuC upload, the submission is not yet enabled\nand the state is not even initialized. Protect the wedge call so it does\nnothing in this case. It fixes the following splat:\n\n\t[] xe 0000:bf:00.0: [drm] device wedged, needs recovery\n\t[] ------------[ cut here ]------------\n\t[] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n\t[] WARNING: CPU: 48 PID: 312 at kernel/locking/mutex.c:564 __mutex_lock+0x8a1/0xe60\n\t...\n\t[] RIP: 0010:__mutex_lock+0x8a1/0xe60\n\t[] mutex_lock_nested+0x1b/0x30\n\t[] xe_guc_submit_wedge+0x80/0x2b0 [xe]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38353",
"url": "https://www.suse.com/security/cve/CVE-2025-38353"
},
{
"category": "external",
"summary": "SUSE Bug 1247265 for CVE-2025-38353",
"url": "https://bugzilla.suse.com/1247265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38353"
},
{
"cve": "CVE-2025-38354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gpu: Fix crash when throttling GPU immediately during boot\n\nThere is a small chance that the GPU is already hot during boot. In that\ncase, the call to of_devfreq_cooling_register() will immediately try to\napply devfreq cooling, as seen in the following crash:\n\n Unable to handle kernel paging request at virtual address 0000000000014110\n pc : a6xx_gpu_busy+0x1c/0x58 [msm]\n lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]\n Call trace:\n a6xx_gpu_busy+0x1c/0x58 [msm] (P)\n devfreq_simple_ondemand_func+0x3c/0x150\n devfreq_update_target+0x44/0xd8\n qos_max_notifier_call+0x30/0x84\n blocking_notifier_call_chain+0x6c/0xa0\n pm_qos_update_target+0xd0/0x110\n freq_qos_apply+0x3c/0x74\n apply_constraint+0x88/0x148\n __dev_pm_qos_update_request+0x7c/0xcc\n dev_pm_qos_update_request+0x38/0x5c\n devfreq_cooling_set_cur_state+0x98/0xf0\n __thermal_cdev_update+0x64/0xb4\n thermal_cdev_update+0x4c/0x58\n step_wise_manage+0x1f0/0x318\n __thermal_zone_device_update+0x278/0x424\n __thermal_cooling_device_register+0x2bc/0x308\n thermal_of_cooling_device_register+0x10/0x1c\n of_devfreq_cooling_register_power+0x240/0x2bc\n of_devfreq_cooling_register+0x14/0x20\n msm_devfreq_init+0xc4/0x1a0 [msm]\n msm_gpu_init+0x304/0x574 [msm]\n adreno_gpu_init+0x1c4/0x2e0 [msm]\n a6xx_gpu_init+0x5c8/0x9c8 [msm]\n adreno_bind+0x2a8/0x33c [msm]\n ...\n\nAt this point we haven\u0027t initialized the GMU at all yet, so we cannot read\nthe GMU registers inside a6xx_gpu_busy(). A similar issue was fixed before\nin commit 6694482a70e9 (\"drm/msm: Avoid unclocked GMU register access in\n6xx gpu_busy\"): msm_devfreq_init() does call devfreq_suspend_device(), but\nunlike msm_devfreq_suspend(), it doesn\u0027t set the df-\u003esuspended flag\naccordingly. This means the df-\u003esuspended flag does not match the actual\ndevfreq state after initialization and msm_devfreq_get_dev_status() will\nend up accessing GMU registers, causing the crash.\n\nFix this by setting df-\u003esuspended correctly during initialization.\n\nPatchwork: https://patchwork.freedesktop.org/patch/650772/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38354",
"url": "https://www.suse.com/security/cve/CVE-2025-38354"
},
{
"category": "external",
"summary": "SUSE Bug 1247061 for CVE-2025-38354",
"url": "https://bugzilla.suse.com/1247061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38354"
},
{
"cve": "CVE-2025-38355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38355"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Process deferred GGTT node removals on device unwind\n\nWhile we are indirectly draining our dedicated workqueue ggtt-\u003ewq\nthat we use to complete asynchronous removal of some GGTT nodes,\nthis happends as part of the managed-drm unwinding (ggtt_fini_early),\nwhich could be later then manage-device unwinding, where we could\nalready unmap our MMIO/GMS mapping (mmio_fini).\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747340 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747540 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747240 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747040 tiles_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e746840 mmio_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747f40 xe_bo_pinned_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e746b40 devm_drm_dev_init_release (16 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] drmres release begin\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef81640 __fini_relay (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80d40 guc_ct_fini (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80040 __drmm_mutex_release (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80140 ggtt_fini_early (8 bytes)\n\nand this was leading to:\n\n [ ] BUG: unable to handle page fault for address: ffffc900058162a0\n [ ] #PF: supervisor write access in kernel mode\n [ ] #PF: error_code(0x0002) - not-present page\n [ ] Oops: Oops: 0002 [#1] SMP NOPTI\n [ ] Tainted: [W]=WARN\n [ ] Workqueue: xe-ggtt-wq ggtt_node_remove_work_func [xe]\n [ ] RIP: 0010:xe_ggtt_set_pte+0x6d/0x350 [xe]\n [ ] Call Trace:\n [ ] \u003cTASK\u003e\n [ ] xe_ggtt_clear+0xb0/0x270 [xe]\n [ ] ggtt_node_remove+0xbb/0x120 [xe]\n [ ] ggtt_node_remove_work_func+0x30/0x50 [xe]\n [ ] process_one_work+0x22b/0x6f0\n [ ] worker_thread+0x1e8/0x3d\n\nAdd managed-device action that will explicitly drain the workqueue\nwith all pending node removals prior to releasing MMIO/GSM mapping.\n\n(cherry picked from commit 89d2835c3680ab1938e22ad81b1c9f8c686bd391)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38355",
"url": "https://www.suse.com/security/cve/CVE-2025-38355"
},
{
"category": "external",
"summary": "SUSE Bug 1247062 for CVE-2025-38355",
"url": "https://bugzilla.suse.com/1247062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38355"
},
{
"cve": "CVE-2025-38356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38356"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc: Explicitly exit CT safe mode on unwind\n\nDuring driver probe we might be briefly using CT safe mode, which\nis based on a delayed work, but usually we are able to stop this\nonce we have IRQ fully operational. However, if we abort the probe\nquite early then during unwind we might try to destroy the workqueue\nwhile there is still a pending delayed work that attempts to restart\nitself which triggers a WARN.\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] ------------[ cut here ]------------\n [ ] workqueue: cannot queue safe_mode_worker_func [xe] on wq xe-g2h-wq\n [ ] WARNING: CPU: 9 PID: 0 at kernel/workqueue.c:2257 __queue_work+0x287/0x710\n [ ] RIP: 0010:__queue_work+0x287/0x710\n [ ] Call Trace:\n [ ] delayed_work_timer_fn+0x19/0x30\n [ ] call_timer_fn+0xa1/0x2a0\n\nExit the CT safe mode on unwind to avoid that warning.\n\n(cherry picked from commit 2ddbb73ec20b98e70a5200cb85deade22ccea2ec)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38356",
"url": "https://www.suse.com/security/cve/CVE-2025-38356"
},
{
"category": "external",
"summary": "SUSE Bug 1247064 for CVE-2025-38356",
"url": "https://bugzilla.suse.com/1247064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38356"
},
{
"cve": "CVE-2025-38359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38359"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Fix in_atomic() handling in do_secure_storage_access()\n\nKernel user spaces accesses to not exported pages in atomic context\nincorrectly try to resolve the page fault.\nWith debug options enabled call traces like this can be seen:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 419074, name: qemu-system-s39\npreempt_count: 1, expected: 0\nRCU nest depth: 0, expected: 0\nINFO: lockdep is turned off.\nPreemption disabled at:\n[\u003c00000383ea47cfa2\u003e] copy_page_from_iter_atomic+0xa2/0x8a0\nCPU: 12 UID: 0 PID: 419074 Comm: qemu-system-s39\nTainted: G W 6.16.0-20250531.rc0.git0.69b3a602feac.63.fc42.s390x+debug #1 PREEMPT\nTainted: [W]=WARN\nHardware name: IBM 3931 A01 703 (LPAR)\nCall Trace:\n [\u003c00000383e990d282\u003e] dump_stack_lvl+0xa2/0xe8\n [\u003c00000383e99bf152\u003e] __might_resched+0x292/0x2d0\n [\u003c00000383eaa7c374\u003e] down_read+0x34/0x2d0\n [\u003c00000383e99432f8\u003e] do_secure_storage_access+0x108/0x360\n [\u003c00000383eaa724b0\u003e] __do_pgm_check+0x130/0x220\n [\u003c00000383eaa842e4\u003e] pgm_check_handler+0x114/0x160\n [\u003c00000383ea47d028\u003e] copy_page_from_iter_atomic+0x128/0x8a0\n([\u003c00000383ea47d016\u003e] copy_page_from_iter_atomic+0x116/0x8a0)\n [\u003c00000383e9c45eae\u003e] generic_perform_write+0x16e/0x310\n [\u003c00000383e9eb87f4\u003e] ext4_buffered_write_iter+0x84/0x160\n [\u003c00000383e9da0de4\u003e] vfs_write+0x1c4/0x460\n [\u003c00000383e9da123c\u003e] ksys_write+0x7c/0x100\n [\u003c00000383eaa7284e\u003e] __do_syscall+0x15e/0x280\n [\u003c00000383eaa8417e\u003e] system_call+0x6e/0x90\nINFO: lockdep is turned off.\n\nIt is not allowed to take the mmap_lock while in atomic context. Therefore\nhandle such a secure storage access fault as if the accessed page is not\nmapped: the uaccess function will return -EFAULT, and the caller has to\ndeal with this. Usually this means that the access is retried in process\ncontext, which allows to resolve the page fault (or in this case export the\npage).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38359",
"url": "https://www.suse.com/security/cve/CVE-2025-38359"
},
{
"category": "external",
"summary": "SUSE Bug 1247076 for CVE-2025-38359",
"url": "https://bugzilla.suse.com/1247076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38359"
},
{
"cve": "CVE-2025-38360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38360"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add more checks for DSC / HUBP ONO guarantees\n\n[WHY]\nFor non-zero DSC instances it\u0027s possible that the HUBP domain required\nto drive it for sequential ONO ASICs isn\u0027t met, potentially causing\nthe logic to the tile to enter an undefined state leading to a system\nhang.\n\n[HOW]\nAdd more checks to ensure that the HUBP domain matching the DSC instance\nis appropriately powered.\n\n(cherry picked from commit da63df07112e5a9857a8d2aaa04255c4206754ec)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38360",
"url": "https://www.suse.com/security/cve/CVE-2025-38360"
},
{
"category": "external",
"summary": "SUSE Bug 1247078 for CVE-2025-38360",
"url": "https://bugzilla.suse.com/1247078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38360"
},
{
"cve": "CVE-2025-38361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38361"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check dce_hwseq before dereferencing it\n\n[WHAT]\n\nhws was checked for null earlier in dce110_blank_stream, indicating hws\ncan be null, and should be checked whenever it is used.\n\n(cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38361",
"url": "https://www.suse.com/security/cve/CVE-2025-38361"
},
{
"category": "external",
"summary": "SUSE Bug 1247079 for CVE-2025-38361",
"url": "https://bugzilla.suse.com/1247079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38361"
},
{
"cve": "CVE-2025-38362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check for get_first_active_display()\n\nThe function mod_hdcp_hdcp1_enable_encryption() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference in\nmod_hdcp_hdcp2_enable_encryption().\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38362",
"url": "https://www.suse.com/security/cve/CVE-2025-38362"
},
{
"category": "external",
"summary": "SUSE Bug 1247089 for CVE-2025-38362",
"url": "https://bugzilla.suse.com/1247089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38362"
},
{
"cve": "CVE-2025-38363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38363"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix a possible null pointer dereference\n\nIn tegra_crtc_reset(), new memory is allocated with kzalloc(), but\nno check is performed. Before calling __drm_atomic_helper_crtc_reset,\nstate should be checked to prevent possible null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38363",
"url": "https://www.suse.com/security/cve/CVE-2025-38363"
},
{
"category": "external",
"summary": "SUSE Bug 1247018 for CVE-2025-38363",
"url": "https://bugzilla.suse.com/1247018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38363"
},
{
"cve": "CVE-2025-38364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\n\nTemporarily clear the preallocation flag when explicitly requesting\nallocations. Pre-existing allocations are already counted against the\nrequest through mas_node_count_gfp(), but the allocations will not happen\nif the MA_STATE_PREALLOC flag is set. This flag is meant to avoid\nre-allocating in bulk allocation mode, and to detect issues with\npreallocation calculations.\n\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\nso that detection of underflow allocations will print a WARN_ON() during\nconsumption.\n\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\ndereference when subsequent requests for larger number of nodes is\nignored, such as the vma merge retry in mmap_region() caused by drivers\naltering the vma flags (which happens in v6.6, at least)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38364",
"url": "https://www.suse.com/security/cve/CVE-2025-38364"
},
{
"category": "external",
"summary": "SUSE Bug 1247091 for CVE-2025-38364",
"url": "https://bugzilla.suse.com/1247091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38364"
},
{
"cve": "CVE-2025-38365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a race between renames and directory logging\n\nWe have a race between a rename and directory inode logging that if it\nhappens and we crash/power fail before the rename completes, the next time\nthe filesystem is mounted, the log replay code will end up deleting the\nfile that was being renamed.\n\nThis is best explained following a step by step analysis of an interleaving\nof steps that lead into this situation.\n\nConsider the initial conditions:\n\n1) We are at transaction N;\n\n2) We have directories A and B created in a past transaction (\u003c N);\n\n3) We have inode X corresponding to a file that has 2 hardlinks, one in\n directory A and the other in directory B, so we\u0027ll name them as\n \"A/foo_link1\" and \"B/foo_link2\". Both hard links were persisted in a\n past transaction (\u003c N);\n\n4) We have inode Y corresponding to a file that as a single hard link and\n is located in directory A, we\u0027ll name it as \"A/bar\". This file was also\n persisted in a past transaction (\u003c N).\n\nThe steps leading to a file loss are the following and for all of them we\nare under transaction N:\n\n 1) Link \"A/foo_link1\" is removed, so inode\u0027s X last_unlink_trans field\n is updated to N, through btrfs_unlink() -\u003e btrfs_record_unlink_dir();\n\n 2) Task A starts a rename for inode Y, with the goal of renaming from\n \"A/bar\" to \"A/baz\", so we enter btrfs_rename();\n\n 3) Task A inserts the new BTRFS_INODE_REF_KEY for inode Y by calling\n btrfs_insert_inode_ref();\n\n 4) Because the rename happens in the same directory, we don\u0027t set the\n last_unlink_trans field of directoty A\u0027s inode to the current\n transaction id, that is, we don\u0027t cal btrfs_record_unlink_dir();\n\n 5) Task A then removes the entries from directory A (BTRFS_DIR_ITEM_KEY\n and BTRFS_DIR_INDEX_KEY items) when calling __btrfs_unlink_inode()\n (actually the dir index item is added as a delayed item, but the\n effect is the same);\n\n 6) Now before task A adds the new entry \"A/baz\" to directory A by\n calling btrfs_add_link(), another task, task B is logging inode X;\n\n 7) Task B starts a fsync of inode X and after logging inode X, at\n btrfs_log_inode_parent() it calls btrfs_log_all_parents(), since\n inode X has a last_unlink_trans value of N, set at in step 1;\n\n 8) At btrfs_log_all_parents() we search for all parent directories of\n inode X using the commit root, so we find directories A and B and log\n them. Bu when logging direct A, we don\u0027t have a dir index item for\n inode Y anymore, neither the old name \"A/bar\" nor for the new name\n \"A/baz\" since the rename has deleted the old name but has not yet\n inserted the new name - task A hasn\u0027t called yet btrfs_add_link() to\n do that.\n\n Note that logging directory A doesn\u0027t fallback to a transaction\n commit because its last_unlink_trans has a lower value than the\n current transaction\u0027s id (see step 4);\n\n 9) Task B finishes logging directories A and B and gets back to\n btrfs_sync_file() where it calls btrfs_sync_log() to persist the log\n tree;\n\n10) Task B successfully persisted the log tree, btrfs_sync_log() completed\n with success, and a power failure happened.\n\n We have a log tree without any directory entry for inode Y, so the\n log replay code deletes the entry for inode Y, name \"A/bar\", from the\n subvolume tree since it doesn\u0027t exist in the log tree and the log\n tree is authorative for its index (we logged a BTRFS_DIR_LOG_INDEX_KEY\n item that covers the index range for the dentry that corresponds to\n \"A/bar\").\n\n Since there\u0027s no other hard link for inode Y and the log replay code\n deletes the name \"A/bar\", the file is lost.\n\nThe issue wouldn\u0027t happen if task B synced the log only after task A\ncalled btrfs_log_new_name(), which would update the log with the new name\nfor inode Y (\"A/bar\").\n\nFix this by pinning the log root during renames before removing the old\ndirectory entry, and unpinning af\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38365",
"url": "https://www.suse.com/security/cve/CVE-2025-38365"
},
{
"category": "external",
"summary": "SUSE Bug 1247023 for CVE-2025-38365",
"url": "https://bugzilla.suse.com/1247023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38365"
},
{
"cve": "CVE-2025-38368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38368"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()\n\nThe returned value, pfsm-\u003emiscdev.name, from devm_kasprintf()\ncould be NULL.\nA pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\n\nThis issue is found by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38368",
"url": "https://www.suse.com/security/cve/CVE-2025-38368"
},
{
"category": "external",
"summary": "SUSE Bug 1247022 for CVE-2025-38368",
"url": "https://bugzilla.suse.com/1247022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38368"
},
{
"cve": "CVE-2025-38369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using\n\nRunning IDXD workloads in a container with the /dev directory mounted can\ntrigger a call trace or even a kernel panic when the parent process of the\ncontainer is terminated.\n\nThis issue occurs because, under certain configurations, Docker does not\nproperly propagate the mount replica back to the original mount point.\n\nIn this case, when the user driver detaches, the WQ is destroyed but it\nstill calls destroy_workqueue() attempting to completes all pending work.\nIt\u0027s necessary to check wq-\u003ewq and skip the drain if it no longer exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38369",
"url": "https://www.suse.com/security/cve/CVE-2025-38369"
},
{
"category": "external",
"summary": "SUSE Bug 1247209 for CVE-2025-38369",
"url": "https://bugzilla.suse.com/1247209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38369"
},
{
"cve": "CVE-2025-38371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Disable interrupts before resetting the GPU\n\nCurrently, an interrupt can be triggered during a GPU reset, which can\nlead to GPU hangs and NULL pointer dereference in an interrupt context\nas shown in the following trace:\n\n [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n [ 314.043822] Mem abort info:\n [ 314.046606] ESR = 0x0000000096000005\n [ 314.050347] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 314.055651] SET = 0, FnV = 0\n [ 314.058695] EA = 0, S1PTW = 0\n [ 314.061826] FSC = 0x05: level 1 translation fault\n [ 314.066694] Data abort info:\n [ 314.069564] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n [ 314.075039] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [ 314.080080] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [ 314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000\n [ 314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n [ 314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n [ 314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n [ 314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n [ 314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n [ 314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 314.152165] pc : v3d_irq+0xec/0x2e0 [v3d]\n [ 314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d]\n [ 314.160198] sp : ffffffc080003ea0\n [ 314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000\n [ 314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0\n [ 314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000\n [ 314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000\n [ 314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000\n [ 314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001\n [ 314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874\n [ 314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180\n [ 314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb\n [ 314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n [ 314.234807] Call trace:\n [ 314.237243] v3d_irq+0xec/0x2e0 [v3d]\n [ 314.240906] __handle_irq_event_percpu+0x58/0x218\n [ 314.245609] handle_irq_event+0x54/0xb8\n [ 314.249439] handle_fasteoi_irq+0xac/0x240\n [ 314.253527] handle_irq_desc+0x48/0x68\n [ 314.257269] generic_handle_domain_irq+0x24/0x38\n [ 314.261879] gic_handle_irq+0x48/0xd8\n [ 314.265533] call_on_irq_stack+0x24/0x58\n [ 314.269448] do_interrupt_handler+0x88/0x98\n [ 314.273624] el1_interrupt+0x34/0x68\n [ 314.277193] el1h_64_irq_handler+0x18/0x28\n [ 314.281281] el1h_64_irq+0x64/0x68\n [ 314.284673] default_idle_call+0x3c/0x168\n [ 314.288675] do_idle+0x1fc/0x230\n [ 314.291895] cpu_startup_entry+0x3c/0x50\n [ 314.295810] rest_init+0xe4/0xf0\n [ 314.299030] start_kernel+0x5e8/0x790\n [ 314.302684] __primary_switched+0x80/0x90\n [ 314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017)\n [ 314.312775] ---[ end trace 0000000000000000 ]---\n [ 314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n [ 314.324249] SMP: stopping secondary CPUs\n [ 314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000\n [ 314.334076] PHYS_OFFSET: 0x0\n [ 314.336946] CPU features: 0x08,00002013,c0200000,0200421b\n [ 314.342337] Memory Limit: none\n [ 314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nBefore resetting the G\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38371",
"url": "https://www.suse.com/security/cve/CVE-2025-38371"
},
{
"category": "external",
"summary": "SUSE Bug 1247178 for CVE-2025-38371",
"url": "https://bugzilla.suse.com/1247178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38371"
},
{
"cve": "CVE-2025-38372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38372"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix unsafe xarray access in implicit ODP handling\n\n__xa_store() and __xa_erase() were used without holding the proper lock,\nwhich led to a lockdep warning due to unsafe RCU usage. This patch\nreplaces them with xa_store() and xa_erase(), which perform the necessary\nlocking internally.\n\n =============================\n WARNING: suspicious RCPU usage\n 6.14.0-rc7_for_upstream_debug_2025_03_18_15_01 #1 Not tainted\n -----------------------------\n ./include/linux/xarray.h:1211 suspicious rcu_dereference_protected() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 3 locks held by kworker/u136:0/219:\n at: process_one_work+0xbe4/0x15f0\n process_one_work+0x75c/0x15f0\n pagefault_mr+0x9a5/0x1390 [mlx5_ib]\n\n stack backtrace:\n CPU: 14 UID: 0 PID: 219 Comm: kworker/u136:0 Not tainted\n 6.14.0-rc7_for_upstream_debug_2025_03_18_15_01 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib]\n Call Trace:\n dump_stack_lvl+0xa8/0xc0\n lockdep_rcu_suspicious+0x1e6/0x260\n xas_create+0xb8a/0xee0\n xas_store+0x73/0x14c0\n __xa_store+0x13c/0x220\n ? xa_store_range+0x390/0x390\n ? spin_bug+0x1d0/0x1d0\n pagefault_mr+0xcb5/0x1390 [mlx5_ib]\n ? _raw_spin_unlock+0x1f/0x30\n mlx5_ib_eqe_pf_action+0x3be/0x2620 [mlx5_ib]\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? mlx5_ib_invalidate_range+0xcb0/0xcb0 [mlx5_ib]\n process_one_work+0x7db/0x15f0\n ? pwq_dec_nr_in_flight+0xda0/0xda0\n ? assign_work+0x168/0x240\n worker_thread+0x57d/0xcd0\n ? rescuer_thread+0xc40/0xc40\n kthread+0x3b3/0x800\n ? kthread_is_per_cpu+0xb0/0xb0\n ? lock_downgrade+0x680/0x680\n ? do_raw_spin_lock+0x12d/0x270\n ? spin_bug+0x1d0/0x1d0\n ? finish_task_switch.isra.0+0x284/0x9e0\n ? lockdep_hardirqs_on_prepare+0x284/0x400\n ? kthread_is_per_cpu+0xb0/0xb0\n ret_from_fork+0x2d/0x70\n ? kthread_is_per_cpu+0xb0/0xb0\n ret_from_fork_asm+0x11/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38372",
"url": "https://www.suse.com/security/cve/CVE-2025-38372"
},
{
"category": "external",
"summary": "SUSE Bug 1247020 for CVE-2025-38372",
"url": "https://bugzilla.suse.com/1247020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38372"
},
{
"cve": "CVE-2025-38373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38373"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix potential deadlock in MR deregistration\n\nThe issue arises when kzalloc() is invoked while holding umem_mutex or\nany other lock acquired under umem_mutex. This is problematic because\nkzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke\nmmu_notifier_invalidate_range_start(). This function can lead to\nmlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again,\nresulting in a deadlock.\n\nThe problematic flow:\n CPU0 | CPU1\n---------------------------------------|------------------------------------------------\nmlx5_ib_dereg_mr() |\n -\u003e revoke_mr() |\n -\u003e mutex_lock(\u0026umem_odp-\u003eumem_mutex) |\n | mlx5_mkey_cache_init()\n | -\u003e mutex_lock(\u0026dev-\u003ecache.rb_lock)\n | -\u003e mlx5r_cache_create_ent_locked()\n | -\u003e kzalloc(GFP_KERNEL)\n | -\u003e fs_reclaim()\n | -\u003e mmu_notifier_invalidate_range_start()\n | -\u003e mlx5_ib_invalidate_range()\n | -\u003e mutex_lock(\u0026umem_odp-\u003eumem_mutex)\n -\u003e cache_ent_find_and_store() |\n -\u003e mutex_lock(\u0026dev-\u003ecache.rb_lock) |\n\nAdditionally, when kzalloc() is called from within\ncache_ent_find_and_store(), we encounter the same deadlock due to\nre-acquisition of umem_mutex.\n\nSolve by releasing umem_mutex in dereg_mr() after umr_revoke_mr()\nand before acquiring rb_lock. This ensures that we don\u0027t hold\numem_mutex while performing memory allocations that could trigger\nthe reclaim path.\n\nThis change prevents the deadlock by ensuring proper lock ordering and\navoiding holding locks during memory allocation operations that could\ntrigger the reclaim path.\n\nThe following lockdep warning demonstrates the deadlock:\n\n python3/20557 is trying to acquire lock:\n ffff888387542128 (\u0026umem_odp-\u003eumem_mutex){+.+.}-{4:4}, at:\n mlx5_ib_invalidate_range+0x5b/0x550 [mlx5_ib]\n\n but task is already holding lock:\n ffffffff82f6b840 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at:\n unmap_vmas+0x7b/0x1a0\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\n fs_reclaim_acquire+0x60/0xd0\n mem_cgroup_css_alloc+0x6f/0x9b0\n cgroup_init_subsys+0xa4/0x240\n cgroup_init+0x1c8/0x510\n start_kernel+0x747/0x760\n x86_64_start_reservations+0x25/0x30\n x86_64_start_kernel+0x73/0x80\n common_startup_64+0x129/0x138\n\n -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n fs_reclaim_acquire+0x91/0xd0\n __kmalloc_cache_noprof+0x4d/0x4c0\n mlx5r_cache_create_ent_locked+0x75/0x620 [mlx5_ib]\n mlx5_mkey_cache_init+0x186/0x360 [mlx5_ib]\n mlx5_ib_stage_post_ib_reg_umr_init+0x3c/0x60 [mlx5_ib]\n __mlx5_ib_add+0x4b/0x190 [mlx5_ib]\n mlx5r_probe+0xd9/0x320 [mlx5_ib]\n auxiliary_bus_probe+0x42/0x70\n really_probe+0xdb/0x360\n __driver_probe_device+0x8f/0x130\n driver_probe_device+0x1f/0xb0\n __driver_attach+0xd4/0x1f0\n bus_for_each_dev+0x79/0xd0\n bus_add_driver+0xf0/0x200\n driver_register+0x6e/0xc0\n __auxiliary_driver_register+0x6a/0xc0\n do_one_initcall+0x5e/0x390\n do_init_module+0x88/0x240\n init_module_from_file+0x85/0xc0\n idempotent_init_module+0x104/0x300\n __x64_sys_finit_module+0x68/0xc0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n -\u003e #1 (\u0026dev-\u003ecache.rb_lock){+.+.}-{4:4}:\n __mutex_lock+0x98/0xf10\n __mlx5_ib_dereg_mr+0x6f2/0x890 [mlx5_ib]\n mlx5_ib_dereg_mr+0x21/0x110 [mlx5_ib]\n ib_dereg_mr_user+0x85/0x1f0 [ib_core]\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38373",
"url": "https://www.suse.com/security/cve/CVE-2025-38373"
},
{
"category": "external",
"summary": "SUSE Bug 1247033 for CVE-2025-38373",
"url": "https://bugzilla.suse.com/1247033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38373"
},
{
"cve": "CVE-2025-38374",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38374"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\noptee: ffa: fix sleep in atomic context\n\nThe OP-TEE driver registers the function notif_callback() for FF-A\nnotifications. However, this function is called in an atomic context\nleading to errors like this when processing asynchronous notifications:\n\n | BUG: sleeping function called from invalid context at kernel/locking/mutex.c:258\n | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9, name: kworker/0:0\n | preempt_count: 1, expected: 0\n | RCU nest depth: 0, expected: 0\n | CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.14.0-00019-g657536ebe0aa #13\n | Hardware name: linux,dummy-virt (DT)\n | Workqueue: ffa_pcpu_irq_notification notif_pcpu_irq_work_fn\n | Call trace:\n | show_stack+0x18/0x24 (C)\n | dump_stack_lvl+0x78/0x90\n | dump_stack+0x18/0x24\n | __might_resched+0x114/0x170\n | __might_sleep+0x48/0x98\n | mutex_lock+0x24/0x80\n | optee_get_msg_arg+0x7c/0x21c\n | simple_call_with_arg+0x50/0xc0\n | optee_do_bottom_half+0x14/0x20\n | notif_callback+0x3c/0x48\n | handle_notif_callbacks+0x9c/0xe0\n | notif_get_and_handle+0x40/0x88\n | generic_exec_single+0x80/0xc0\n | smp_call_function_single+0xfc/0x1a0\n | notif_pcpu_irq_work_fn+0x2c/0x38\n | process_one_work+0x14c/0x2b4\n | worker_thread+0x2e4/0x3e0\n | kthread+0x13c/0x210\n | ret_from_fork+0x10/0x20\n\nFix this by adding work queue to process the notification in a\nnon-atomic context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38374",
"url": "https://www.suse.com/security/cve/CVE-2025-38374"
},
{
"category": "external",
"summary": "SUSE Bug 1247024 for CVE-2025-38374",
"url": "https://bugzilla.suse.com/1247024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38374"
},
{
"cve": "CVE-2025-38375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38375"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: ensure the received length does not exceed allocated size\n\nIn xdp_linearize_page, when reading the following buffers from the ring,\nwe forget to check the received length with the true allocate size. This\ncan lead to an out-of-bound read. This commit adds that missing check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38375",
"url": "https://www.suse.com/security/cve/CVE-2025-38375"
},
{
"category": "external",
"summary": "SUSE Bug 1247177 for CVE-2025-38375",
"url": "https://bugzilla.suse.com/1247177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38375"
},
{
"cve": "CVE-2025-38376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38376"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: udc: disconnect/reconnect from host when do suspend/resume\n\nShawn and John reported a hang issue during system suspend as below:\n\n - USB gadget is enabled as Ethernet\n - There is data transfer over USB Ethernet (scp a big file between host\n and device)\n - Device is going in/out suspend (echo mem \u003e /sys/power/state)\n\nThe root cause is the USB device controller is suspended but the USB bus\nis still active which caused the USB host continues to transfer data with\ndevice and the device continues to queue USB requests (in this case, a\ndelayed TCP ACK packet trigger the issue) after controller is suspended,\nhowever the USB controller clock is already gated off. Then if udc driver\naccess registers after that point, the system will hang.\n\nThe correct way to avoid such issue is to disconnect device from host when\nthe USB bus is not at suspend state. Then the host will receive disconnect\nevent and stop data transfer in time. To continue make USB gadget device\nwork after system resume, this will reconnect device automatically.\n\nTo make usb wakeup work if USB bus is already at suspend state, this will\nkeep connection for it only when USB device controller has enabled wakeup\ncapability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38376",
"url": "https://www.suse.com/security/cve/CVE-2025-38376"
},
{
"category": "external",
"summary": "SUSE Bug 1247176 for CVE-2025-38376",
"url": "https://bugzilla.suse.com/1247176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38376"
},
{
"cve": "CVE-2025-38377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: fix dangling neighbour pointers in rose_rt_device_down()\n\nThere are two bugs in rose_rt_device_down() that can cause\nuse-after-free:\n\n1. The loop bound `t-\u003ecount` is modified within the loop, which can\n cause the loop to terminate early and miss some entries.\n\n2. When removing an entry from the neighbour array, the subsequent entries\n are moved up to fill the gap, but the loop index `i` is still\n incremented, causing the next entry to be skipped.\n\nFor example, if a node has three neighbours (A, A, B) with count=3 and A\nis being removed, the second A is not checked.\n\n i=0: (A, A, B) -\u003e (A, B) with count=2\n ^ checked\n i=1: (A, B) -\u003e (A, B) with count=2\n ^ checked (B, not A!)\n i=2: (doesn\u0027t occur because i \u003c count is false)\n\nThis leaves the second A in the array with count=2, but the rose_neigh\nstructure has been freed. Code that accesses these entries assumes that\nthe first `count` entries are valid pointers, causing a use-after-free\nwhen it accesses the dangling pointer.\n\nFix both issues by iterating over the array in reverse order with a fixed\nloop bound. This ensures that all entries are examined and that the removal\nof an entry doesn\u0027t affect subsequent iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38377",
"url": "https://www.suse.com/security/cve/CVE-2025-38377"
},
{
"category": "external",
"summary": "SUSE Bug 1247174 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "external",
"summary": "SUSE Bug 1247175 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38377"
},
{
"cve": "CVE-2025-38380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38380"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38380",
"url": "https://www.suse.com/security/cve/CVE-2025-38380"
},
{
"category": "external",
"summary": "SUSE Bug 1247028 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "external",
"summary": "SUSE Bug 1247029 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38380"
},
{
"cve": "CVE-2025-38381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38381"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt()\n\nThe cs40l50_upload_owt() function allocates memory via kmalloc()\nwithout checking for allocation failure, which could lead to a\nNULL pointer dereference.\n\nReturn -ENOMEM in case allocation fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38381",
"url": "https://www.suse.com/security/cve/CVE-2025-38381"
},
{
"category": "external",
"summary": "SUSE Bug 1247027 for CVE-2025-38381",
"url": "https://bugzilla.suse.com/1247027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38381"
},
{
"cve": "CVE-2025-38382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38382"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix iteration of extrefs during log replay\n\nAt __inode_add_ref() when processing extrefs, if we jump into the next\nlabel we have an undefined value of victim_name.len, since we haven\u0027t\ninitialized it before we did the goto. This results in an invalid memory\naccess in the next iteration of the loop since victim_name.len was not\ninitialized to the length of the name of the current extref.\n\nFix this by initializing victim_name.len with the current extref\u0027s name\nlength.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38382",
"url": "https://www.suse.com/security/cve/CVE-2025-38382"
},
{
"category": "external",
"summary": "SUSE Bug 1247031 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "external",
"summary": "SUSE Bug 1247032 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38382"
},
{
"cve": "CVE-2025-38383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38383"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix data race in show_numa_info()\n\nThe following data-race was found in show_numa_info():\n\n==================================================================\nBUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show\n\nread to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0:\n show_numa_info mm/vmalloc.c:4936 [inline]\n vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016\n seq_read_iter+0x373/0xb40 fs/seq_file.c:230\n proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299\n....\n\nwrite to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1:\n show_numa_info mm/vmalloc.c:4934 [inline]\n vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016\n seq_read_iter+0x373/0xb40 fs/seq_file.c:230\n proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299\n....\n\nvalue changed: 0x0000008f -\u003e 0x00000000\n==================================================================\n\nAccording to this report,there is a read/write data-race because\nm-\u003eprivate is accessible to multiple CPUs. To fix this, instead of\nallocating the heap in proc_vmalloc_init() and passing the heap address to\nm-\u003eprivate, vmalloc_info_show() should allocate the heap.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38383",
"url": "https://www.suse.com/security/cve/CVE-2025-38383"
},
{
"category": "external",
"summary": "SUSE Bug 1247250 for CVE-2025-38383",
"url": "https://bugzilla.suse.com/1247250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38383"
},
{
"cve": "CVE-2025-38384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38384"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: fix memory leak of ECC engine conf\n\nMemory allocated for the ECC engine conf is not released during spinand\ncleanup. Below kmemleak trace is seen for this memory leak:\n\nunreferenced object 0xffffff80064f00e0 (size 8):\n comm \"swapper/0\", pid 1, jiffies 4294937458\n hex dump (first 8 bytes):\n 00 00 00 00 00 00 00 00 ........\n backtrace (crc 0):\n kmemleak_alloc+0x30/0x40\n __kmalloc_cache_noprof+0x208/0x3c0\n spinand_ondie_ecc_init_ctx+0x114/0x200\n nand_ecc_init_ctx+0x70/0xa8\n nanddev_ecc_engine_init+0xec/0x27c\n spinand_probe+0xa2c/0x1620\n spi_mem_probe+0x130/0x21c\n spi_probe+0xf0/0x170\n really_probe+0x17c/0x6e8\n __driver_probe_device+0x17c/0x21c\n driver_probe_device+0x58/0x180\n __device_attach_driver+0x15c/0x1f8\n bus_for_each_drv+0xec/0x150\n __device_attach+0x188/0x24c\n device_initial_probe+0x10/0x20\n bus_probe_device+0x11c/0x160\n\nFix the leak by calling nanddev_ecc_engine_cleanup() inside\nspinand_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38384",
"url": "https://www.suse.com/security/cve/CVE-2025-38384"
},
{
"category": "external",
"summary": "SUSE Bug 1247035 for CVE-2025-38384",
"url": "https://bugzilla.suse.com/1247035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38384"
},
{
"cve": "CVE-2025-38385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38385"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n __netif_napi_del_locked+0x2b4/0x350 (P)\n lan78xx_disconnect+0xf4/0x360\n usb_unbind_interface+0x158/0x718\n device_remove+0x100/0x150\n device_release_driver_internal+0x308/0x478\n device_release_driver+0x1c/0x30\n bus_remove_device+0x1a8/0x368\n device_del+0x2e0/0x7b0\n usb_disable_device+0x244/0x540\n usb_disconnect+0x220/0x758\n hub_event+0x105c/0x35e0\n process_one_work+0x760/0x17b0\n worker_thread+0x768/0xce8\n kthread+0x3bc/0x690\n ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last enabled at (211603): [\u003cffffffc0828cc9ec\u003e] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [\u003cffffffc0828a9a84\u003e] el1_dbg+0x24/0x80\n softirqs last enabled at (211296): [\u003cffffffc080095f10\u003e] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [\u003cffffffc080010288\u003e] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38385",
"url": "https://www.suse.com/security/cve/CVE-2025-38385"
},
{
"category": "external",
"summary": "SUSE Bug 1247149 for CVE-2025-38385",
"url": "https://bugzilla.suse.com/1247149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38385"
},
{
"cve": "CVE-2025-38386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Refuse to evaluate a method if arguments are missing\n\nAs reported in [1], a platform firmware update that increased the number\nof method parameters and forgot to update a least one of its callers,\ncaused ACPICA to crash due to use-after-free.\n\nSince this a result of a clear AML issue that arguably cannot be fixed\nup by the interpreter (it cannot produce missing data out of thin air),\naddress it by making ACPICA refuse to evaluate a method if the caller\nattempts to pass fewer arguments than expected to it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38386",
"url": "https://www.suse.com/security/cve/CVE-2025-38386"
},
{
"category": "external",
"summary": "SUSE Bug 1247138 for CVE-2025-38386",
"url": "https://bugzilla.suse.com/1247138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38386"
},
{
"cve": "CVE-2025-38387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38387"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert\n\nThe obj_event may be loaded immediately after inserted, then if the\nlist_head is not initialized then we may get a poisonous pointer. This\nfixes the crash below:\n\n mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)\n mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056\n mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0\n mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps\n IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000\n [0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] SMP\n Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E)\n [last unloaded: mst_pci]\n CPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G OE K 5.10.134-13.1.an8.aarch64 #1\n Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023\n pstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)\n pc : dispatch_event_fd+0x68/0x300 [mlx5_ib]\n lr : devx_event_notifier+0xcc/0x228 [mlx5_ib]\n sp : ffff80001005bcf0\n x29: ffff80001005bcf0 x28: 0000000000000001\n x27: ffff244e0740a1d8 x26: ffff244e0740a1d0\n x25: ffffda56beff5ae0 x24: ffffda56bf911618\n x23: ffff244e0596a480 x22: ffff244e0596a480\n x21: ffff244d8312ad90 x20: ffff244e0596a480\n x19: fffffffffffffff0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffda56be66d620\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000040 x10: ffffda56bfcafb50\n x9 : ffffda5655c25f2c x8 : 0000000000000010\n x7 : 0000000000000000 x6 : ffff24545a2e24b8\n x5 : 0000000000000003 x4 : ffff80001005bd28\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : ffff244e0596a480 x0 : ffff244d8312ad90\n Call trace:\n dispatch_event_fd+0x68/0x300 [mlx5_ib]\n devx_event_notifier+0xcc/0x228 [mlx5_ib]\n atomic_notifier_call_chain+0x58/0x80\n mlx5_eq_async_int+0x148/0x2b0 [mlx5_core]\n atomic_notifier_call_chain+0x58/0x80\n irq_int_handler+0x20/0x30 [mlx5_core]\n __handle_irq_event_percpu+0x60/0x220\n handle_irq_event_percpu+0x3c/0x90\n handle_irq_event+0x58/0x158\n handle_fasteoi_irq+0xfc/0x188\n generic_handle_irq+0x34/0x48\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38387",
"url": "https://www.suse.com/security/cve/CVE-2025-38387"
},
{
"category": "external",
"summary": "SUSE Bug 1247154 for CVE-2025-38387",
"url": "https://bugzilla.suse.com/1247154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38387"
},
{
"cve": "CVE-2025-38389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38389"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix timeline left held on VMA alloc error\n\nThe following error has been reported sporadically by CI when a test\nunbinds the i915 driver on a ring submission platform:\n\n\u003c4\u003e [239.330153] ------------[ cut here ]------------\n\u003c4\u003e [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv-\u003emm.shrink_count)\n\u003c4\u003e [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330942] Call Trace:\n\u003c4\u003e [239.330944] \u003cTASK\u003e\n\u003c4\u003e [239.330949] i915_driver_late_release+0x2b/0xa0 [i915]\n\u003c4\u003e [239.331202] i915_driver_release+0x86/0xa0 [i915]\n\u003c4\u003e [239.331482] devm_drm_dev_init_release+0x61/0x90\n\u003c4\u003e [239.331494] devm_action_release+0x15/0x30\n\u003c4\u003e [239.331504] release_nodes+0x3d/0x120\n\u003c4\u003e [239.331517] devres_release_all+0x96/0xd0\n\u003c4\u003e [239.331533] device_unbind_cleanup+0x12/0x80\n\u003c4\u003e [239.331543] device_release_driver_internal+0x23a/0x280\n\u003c4\u003e [239.331550] ? bus_find_device+0xa5/0xe0\n\u003c4\u003e [239.331563] device_driver_detach+0x14/0x20\n...\n\u003c4\u003e [357.719679] ---[ end trace 0000000000000000 ]---\n\nIf the test also unloads the i915 module then that\u0027s followed with:\n\n\u003c3\u003e [357.787478] =============================================================================\n\u003c3\u003e [357.788006] BUG i915_vma (Tainted: G U W N ): Objects remaining on __kmem_cache_shutdown()\n\u003c3\u003e [357.788031] -----------------------------------------------------------------------------\n\u003c3\u003e [357.788204] Object 0xffff888109e7f480 @offset=29824\n\u003c3\u003e [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244\n\u003c4\u003e [357.788994] i915_vma_instance+0xee/0xc10 [i915]\n\u003c4\u003e [357.789290] init_status_page+0x7b/0x420 [i915]\n\u003c4\u003e [357.789532] intel_engines_init+0x1d8/0x980 [i915]\n\u003c4\u003e [357.789772] intel_gt_init+0x175/0x450 [i915]\n\u003c4\u003e [357.790014] i915_gem_init+0x113/0x340 [i915]\n\u003c4\u003e [357.790281] i915_driver_probe+0x847/0xed0 [i915]\n\u003c4\u003e [357.790504] i915_pci_probe+0xe6/0x220 [i915]\n...\n\nCloser analysis of CI results history has revealed a dependency of the\nerror on a few IGT tests, namely:\n- igt@api_intel_allocator@fork-simple-stress-signal,\n- igt@api_intel_allocator@two-level-inception-interruptible,\n- igt@gem_linear_blits@interruptible,\n- igt@prime_mmap_coherency@ioctl-errors,\nwhich invisibly trigger the issue, then exhibited with first driver unbind\nattempt.\n\nAll of the above tests perform actions which are actively interrupted with\nsignals. Further debugging has allowed to narrow that scope down to\nDRM_IOCTL_I915_GEM_EXECBUFFER2, and ring_context_alloc(), specific to ring\nsubmission, in particular.\n\nIf successful then that function, or its execlists or GuC submission\nequivalent, is supposed to be called only once per GEM context engine,\nfollowed by raise of a flag that prevents the function from being called\nagain. The function is expected to unwind its internal errors itself, so\nit may be safely called once more after it returns an error.\n\nIn case of ring submission, the function first gets a reference to the\nengine\u0027s legacy timeline and then allocates a VMA. If the VMA allocation\nfails, e.g. when i915_vma_instance() called from inside is interrupted\nwith a signal, then ring_context_alloc() fails, leaving the timeline held\nreferenced. On next I915_GEM_EXECBUFFER2 IOCTL, another reference to the\ntimeline is got, and only that last one is put on successful completion.\nAs a consequence, the legacy timeline, with its underlying engine status\npage\u0027s VMA object, is still held and not released on driver unbind.\n\nGet the legacy timeline only after successful allocation of the context\nengine\u0027s VMA.\n\nv2: Add a note on other submission methods (Krzysztof Karas):\n Both execlists and GuC submission use lrc_alloc() which seems free\n from a similar issue.\n\n(cherry picked from commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38389",
"url": "https://www.suse.com/security/cve/CVE-2025-38389"
},
{
"category": "external",
"summary": "SUSE Bug 1247153 for CVE-2025-38389",
"url": "https://bugzilla.suse.com/1247153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38389"
},
{
"cve": "CVE-2025-38390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38390"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_ffa: Fix memory leak by freeing notifier callback node\n\nCommit e0573444edbf (\"firmware: arm_ffa: Add interfaces to request\nnotification callbacks\") adds support for notifier callbacks by allocating\nand inserting a callback node into a hashtable during registration of\nnotifiers. However, during unregistration, the code only removes the\nnode from the hashtable without freeing the associated memory, resulting\nin a memory leak.\n\nResolve the memory leak issue by ensuring the allocated notifier callback\nnode is properly freed after it is removed from the hashtable entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38390",
"url": "https://www.suse.com/security/cve/CVE-2025-38390"
},
{
"category": "external",
"summary": "SUSE Bug 1247088 for CVE-2025-38390",
"url": "https://bugzilla.suse.com/1247088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38390"
},
{
"cve": "CVE-2025-38391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38391"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\n\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\n\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i \u003c DP_PIN_ASSIGN_MAX as a loop\ncondition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38391",
"url": "https://www.suse.com/security/cve/CVE-2025-38391"
},
{
"category": "external",
"summary": "SUSE Bug 1247181 for CVE-2025-38391",
"url": "https://bugzilla.suse.com/1247181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38391"
},
{
"cve": "CVE-2025-38392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38392"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert control queue mutex to a spinlock\n\nWith VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated\non module load:\n\n[ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578\n[ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager\n[ 324.701689] preempt_count: 201, expected: 0\n[ 324.701693] RCU nest depth: 0, expected: 0\n[ 324.701697] 2 locks held by NetworkManager/1582:\n[ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0\n[ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870\n[ 324.701749] Preemption disabled at:\n[ 324.701752] [\u003cffffffff9cd23b9d\u003e] __dev_open+0x3dd/0x870\n[ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)\n[ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022\n[ 324.701774] Call Trace:\n[ 324.701777] \u003cTASK\u003e\n[ 324.701779] dump_stack_lvl+0x5d/0x80\n[ 324.701788] ? __dev_open+0x3dd/0x870\n[ 324.701793] __might_resched.cold+0x1ef/0x23d\n\u003c..\u003e\n[ 324.701818] __mutex_lock+0x113/0x1b80\n\u003c..\u003e\n[ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]\n[ 324.701935] ? kasan_save_track+0x14/0x30\n[ 324.701941] idpf_mb_clean+0x143/0x380 [idpf]\n\u003c..\u003e\n[ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf]\n[ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf]\n[ 324.702021] ? rcu_is_watching+0x12/0xc0\n[ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]\n\u003c..\u003e\n[ 324.702122] __hw_addr_sync_dev+0x1cf/0x300\n[ 324.702126] ? find_held_lock+0x32/0x90\n[ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf]\n[ 324.702152] __dev_open+0x3f8/0x870\n[ 324.702159] ? __pfx___dev_open+0x10/0x10\n[ 324.702174] __dev_change_flags+0x443/0x650\n\u003c..\u003e\n[ 324.702208] netif_change_flags+0x80/0x160\n[ 324.702218] do_setlink.isra.0+0x16a0/0x3960\n\u003c..\u003e\n[ 324.702349] rtnl_newlink+0x12fd/0x21e0\n\nThe sequence is as follows:\n\trtnl_newlink()-\u003e\n\t__dev_change_flags()-\u003e\n\t__dev_open()-\u003e\n\tdev_set_rx_mode() - \u003e # disables BH and grabs \"dev-\u003eaddr_list_lock\"\n\tidpf_set_rx_mode() -\u003e # proceed only if VIRTCHNL2_CAP_MACFILTER is ON\n\t__dev_uc_sync() -\u003e\n\tidpf_add_mac_filter -\u003e\n\tidpf_add_del_mac_filters -\u003e\n\tidpf_send_mb_msg() -\u003e\n\tidpf_mb_clean() -\u003e\n\tidpf_ctlq_clean_sq() # mutex_lock(cq_lock)\n\nFix by converting cq_lock to a spinlock. All operations under the new\nlock are safe except freeing the DMA memory, which may use vunmap(). Fix\nby requesting a contiguous physical memory for the DMA mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38392",
"url": "https://www.suse.com/security/cve/CVE-2025-38392"
},
{
"category": "external",
"summary": "SUSE Bug 1247169 for CVE-2025-38392",
"url": "https://bugzilla.suse.com/1247169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38392"
},
{
"cve": "CVE-2025-38393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38393"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN\n\nWe found a few different systems hung up in writeback waiting on the same\npage lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in\npnfs_update_layout(), however the pnfs_layout_hdr\u0027s plh_outstanding count\nwas zero.\n\nIt seems most likely that this is another race between the waiter and waker\nsimilar to commit ed0172af5d6f (\"SUNRPC: Fix a race to wake a sync task\").\nFix it up by applying the advised barrier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38393",
"url": "https://www.suse.com/security/cve/CVE-2025-38393"
},
{
"category": "external",
"summary": "SUSE Bug 1247170 for CVE-2025-38393",
"url": "https://bugzilla.suse.com/1247170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38393"
},
{
"cve": "CVE-2025-38395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\n\ndrvdata::gpiods is supposed to hold an array of \u0027gpio_desc\u0027 pointers. But\nthe memory is allocated for only one pointer. This will lead to\nout-of-bounds access later in the code if \u0027config::ngpios\u0027 is \u003e 1. So\nfix the code to allocate enough memory to hold \u0027config::ngpios\u0027 of GPIO\ndescriptors.\n\nWhile at it, also move the check for memory allocation failure to be below\nthe allocation to make it more readable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38395",
"url": "https://www.suse.com/security/cve/CVE-2025-38395"
},
{
"category": "external",
"summary": "SUSE Bug 1247171 for CVE-2025-38395",
"url": "https://bugzilla.suse.com/1247171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38395"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38397"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-multipath: fix suspicious RCU usage warning\n\nWhen I run the NVME over TCP test in virtme-ng, I get the following\n\"suspicious RCU usage\" warning in nvme_mpath_add_sysfs_link():\n\n\u0027\u0027\u0027\n[ 5.024557][ T44] nvmet: Created nvm controller 1 for subsystem nqn.2025-06.org.nvmexpress.mptcp for NQN nqn.2014-08.org.nvmexpress:uuid:f7f6b5e0-ff97-4894-98ac-c85309e0bc77.\n[ 5.027401][ T183] nvme nvme0: creating 2 I/O queues.\n[ 5.029017][ T183] nvme nvme0: mapped 2/0/0 default/read/poll queues.\n[ 5.032587][ T183] nvme nvme0: new ctrl: NQN \"nqn.2025-06.org.nvmexpress.mptcp\", addr 127.0.0.1:4420, hostnqn: nqn.2014-08.org.nvmexpress:uuid:f7f6b5e0-ff97-4894-98ac-c85309e0bc77\n[ 5.042214][ T25]\n[ 5.042440][ T25] =============================\n[ 5.042579][ T25] WARNING: suspicious RCU usage\n[ 5.042705][ T25] 6.16.0-rc3+ #23 Not tainted\n[ 5.042812][ T25] -----------------------------\n[ 5.042934][ T25] drivers/nvme/host/multipath.c:1203 RCU-list traversed in non-reader section!!\n[ 5.043111][ T25]\n[ 5.043111][ T25] other info that might help us debug this:\n[ 5.043111][ T25]\n[ 5.043341][ T25]\n[ 5.043341][ T25] rcu_scheduler_active = 2, debug_locks = 1\n[ 5.043502][ T25] 3 locks held by kworker/u9:0/25:\n[ 5.043615][ T25] #0: ffff888008730948 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x7ed/0x1350\n[ 5.043830][ T25] #1: ffffc900001afd40 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0xcf3/0x1350\n[ 5.044084][ T25] #2: ffff888013ee0020 (\u0026head-\u003esrcu){.+.+}-{0:0}, at: nvme_mpath_add_sysfs_link.part.0+0xb4/0x3a0\n[ 5.044300][ T25]\n[ 5.044300][ T25] stack backtrace:\n[ 5.044439][ T25] CPU: 0 UID: 0 PID: 25 Comm: kworker/u9:0 Not tainted 6.16.0-rc3+ #23 PREEMPT(full)\n[ 5.044441][ T25] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n[ 5.044442][ T25] Workqueue: async async_run_entry_fn\n[ 5.044445][ T25] Call Trace:\n[ 5.044446][ T25] \u003cTASK\u003e\n[ 5.044449][ T25] dump_stack_lvl+0x6f/0xb0\n[ 5.044453][ T25] lockdep_rcu_suspicious.cold+0x4f/0xb1\n[ 5.044457][ T25] nvme_mpath_add_sysfs_link.part.0+0x2fb/0x3a0\n[ 5.044459][ T25] ? queue_work_on+0x90/0xf0\n[ 5.044461][ T25] ? lockdep_hardirqs_on+0x78/0x110\n[ 5.044466][ T25] nvme_mpath_set_live+0x1e9/0x4f0\n[ 5.044470][ T25] nvme_mpath_add_disk+0x240/0x2f0\n[ 5.044472][ T25] ? __pfx_nvme_mpath_add_disk+0x10/0x10\n[ 5.044475][ T25] ? add_disk_fwnode+0x361/0x580\n[ 5.044480][ T25] nvme_alloc_ns+0x81c/0x17c0\n[ 5.044483][ T25] ? kasan_quarantine_put+0x104/0x240\n[ 5.044487][ T25] ? __pfx_nvme_alloc_ns+0x10/0x10\n[ 5.044495][ T25] ? __pfx_nvme_find_get_ns+0x10/0x10\n[ 5.044496][ T25] ? rcu_read_lock_any_held+0x45/0xa0\n[ 5.044498][ T25] ? validate_chain+0x232/0x4f0\n[ 5.044503][ T25] nvme_scan_ns+0x4c8/0x810\n[ 5.044506][ T25] ? __pfx_nvme_scan_ns+0x10/0x10\n[ 5.044508][ T25] ? find_held_lock+0x2b/0x80\n[ 5.044512][ T25] ? ktime_get+0x16d/0x220\n[ 5.044517][ T25] ? kvm_clock_get_cycles+0x18/0x30\n[ 5.044520][ T25] ? __pfx_nvme_scan_ns_async+0x10/0x10\n[ 5.044522][ T25] async_run_entry_fn+0x97/0x560\n[ 5.044523][ T25] ? rcu_is_watching+0x12/0xc0\n[ 5.044526][ T25] process_one_work+0xd3c/0x1350\n[ 5.044532][ T25] ? __pfx_process_one_work+0x10/0x10\n[ 5.044536][ T25] ? assign_work+0x16c/0x240\n[ 5.044539][ T25] worker_thread+0x4da/0xd50\n[ 5.044545][ T25] ? __pfx_worker_thread+0x10/0x10\n[ 5.044546][ T25] kthread+0x356/0x5c0\n[ 5.044548][ T25] ? __pfx_kthread+0x10/0x10\n[ 5.044549][ T25] ? ret_from_fork+0x1b/0x2e0\n[ 5.044552][ T25] ? __lock_release.isra.0+0x5d/0x180\n[ 5.044553][ T25] ? ret_from_fork+0x1b/0x2e0\n[ 5.044555][ T25] ? rcu_is_watching+0x12/0xc0\n[ 5.044557][ T25] ? __pfx_kthread+0x10/0x10\n[ 5.04\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38397",
"url": "https://www.suse.com/security/cve/CVE-2025-38397"
},
{
"category": "external",
"summary": "SUSE Bug 1247163 for CVE-2025-38397",
"url": "https://bugzilla.suse.com/1247163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38397"
},
{
"cve": "CVE-2025-38399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38399"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()\n\nThe function core_scsi3_decode_spec_i_port(), in its error code path,\nunconditionally calls core_scsi3_lunacl_undepend_item() passing the\ndest_se_deve pointer, which may be NULL.\n\nThis can lead to a NULL pointer dereference if dest_se_deve remains\nunset.\n\nSPC-3 PR SPEC_I_PT: Unable to locate dest_tpg\nUnable to handle kernel paging request at virtual address dfff800000000012\nCall trace:\n core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P)\n core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod]\n core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod]\n target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod]\n\nFix this by adding a NULL check before calling\ncore_scsi3_lunacl_undepend_item()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38399",
"url": "https://www.suse.com/security/cve/CVE-2025-38399"
},
{
"category": "external",
"summary": "SUSE Bug 1247097 for CVE-2025-38399",
"url": "https://bugzilla.suse.com/1247097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38399"
},
{
"cve": "CVE-2025-38400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38400"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\n\nsyzbot reported a warning below [1] following a fault injection in\nnfs_fs_proc_net_init(). [0]\n\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\n\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\nis logged as the directory is not empty.\n\nLet\u0027s handle the error of nfs_fs_proc_net_init() properly.\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\n should_failslab (mm/failslab.c:46)\n kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\n __proc_create (fs/proc/generic.c:427)\n proc_create_reg (fs/proc/generic.c:554)\n proc_create_net_data (fs/proc/proc_net.c:120)\n nfs_fs_proc_net_init (fs/nfs/client.c:1409)\n nfs_net_init (fs/nfs/inode.c:2600)\n ops_init (net/core/net_namespace.c:138)\n setup_net (net/core/net_namespace.c:443)\n copy_net_ns (net/core/net_namespace.c:576)\n create_new_namespaces (kernel/nsproxy.c:110)\n unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\n ksys_unshare (kernel/fork.c:3123)\n __x64_sys_unshare (kernel/fork.c:3190)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \u003c/TASK\u003e\n\n[1]:\nremove_proc_entry: removing non-empty directory \u0027net/rpc\u0027, leaking at least \u0027nfs\u0027\n WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nModules linked in:\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n RIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nCode: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 40 ba a2 8b 48 c7 c7 60 b9 a2 8b e8 33 81 1d ff 90 \u003c0f\u003e 0b 90 90 e9 5f fe ff ff e8 04 69 5e ff 90 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90003637b08 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff88805f534140 RCX: ffffffff817a92c8\nRDX: ffff88807da99e00 RSI: ffffffff817a92d5 RDI: 0000000000000001\nRBP: ffff888033431ac0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888033431a00\nR13: ffff888033431ae4 R14: ffff888033184724 R15: dffffc0000000000\nFS: 0000555580328500(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f71733743e0 CR3: 000000007f618000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n sunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\n ops_exit_list net/core/net_namespace.c:200 [inline]\n ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\n setup_net+0x2e1/0x510 net/core/net_namespace.c:457\n copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\n create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\n ksys_unshare+0x45b/0xa40 kernel/fork.c:3121\n __do_sys_unshare kernel/fork.c:3192 [inline]\n __se_sys_unshare kernel/fork.c:3190 [inline]\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa1a6b8e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38400",
"url": "https://www.suse.com/security/cve/CVE-2025-38400"
},
{
"category": "external",
"summary": "SUSE Bug 1247123 for CVE-2025-38400",
"url": "https://bugzilla.suse.com/1247123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38400"
},
{
"cve": "CVE-2025-38401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38401"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtk-sd: Prevent memory corruption from DMA map failure\n\nIf msdc_prepare_data() fails to map the DMA region, the request is\nnot prepared for data receiving, but msdc_start_data() proceeds\nthe DMA with previous setting.\nSince this will lead a memory corruption, we have to stop the\nrequest operation soon after the msdc_prepare_data() fails to\nprepare it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38401",
"url": "https://www.suse.com/security/cve/CVE-2025-38401"
},
{
"category": "external",
"summary": "SUSE Bug 1247125 for CVE-2025-38401",
"url": "https://bugzilla.suse.com/1247125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38401"
},
{
"cve": "CVE-2025-38402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: return 0 size for RSS key if not supported\n\nReturning -EOPNOTSUPP from function returning u32 is leading to\ncast and invalid size value as a result.\n\n-EOPNOTSUPP as a size probably will lead to allocation fail.\n\nCommand: ethtool -x eth0\nIt is visible on all devices that don\u0027t have RSS caps set.\n\n[ 136.615917] Call Trace:\n[ 136.615921] \u003cTASK\u003e\n[ 136.615927] ? __warn+0x89/0x130\n[ 136.615942] ? __alloc_frozen_pages_noprof+0x322/0x330\n[ 136.615953] ? report_bug+0x164/0x190\n[ 136.615968] ? handle_bug+0x58/0x90\n[ 136.615979] ? exc_invalid_op+0x17/0x70\n[ 136.615987] ? asm_exc_invalid_op+0x1a/0x20\n[ 136.616001] ? rss_prepare_get.constprop.0+0xb9/0x170\n[ 136.616016] ? __alloc_frozen_pages_noprof+0x322/0x330\n[ 136.616028] __alloc_pages_noprof+0xe/0x20\n[ 136.616038] ___kmalloc_large_node+0x80/0x110\n[ 136.616072] __kmalloc_large_node_noprof+0x1d/0xa0\n[ 136.616081] __kmalloc_noprof+0x32c/0x4c0\n[ 136.616098] ? rss_prepare_get.constprop.0+0xb9/0x170\n[ 136.616105] rss_prepare_get.constprop.0+0xb9/0x170\n[ 136.616114] ethnl_default_doit+0x107/0x3d0\n[ 136.616131] genl_family_rcv_msg_doit+0x100/0x160\n[ 136.616147] genl_rcv_msg+0x1b8/0x2c0\n[ 136.616156] ? __pfx_ethnl_default_doit+0x10/0x10\n[ 136.616168] ? __pfx_genl_rcv_msg+0x10/0x10\n[ 136.616176] netlink_rcv_skb+0x58/0x110\n[ 136.616186] genl_rcv+0x28/0x40\n[ 136.616195] netlink_unicast+0x19b/0x290\n[ 136.616206] netlink_sendmsg+0x222/0x490\n[ 136.616215] __sys_sendto+0x1fd/0x210\n[ 136.616233] __x64_sys_sendto+0x24/0x30\n[ 136.616242] do_syscall_64+0x82/0x160\n[ 136.616252] ? __sys_recvmsg+0x83/0xe0\n[ 136.616265] ? syscall_exit_to_user_mode+0x10/0x210\n[ 136.616275] ? do_syscall_64+0x8e/0x160\n[ 136.616282] ? __count_memcg_events+0xa1/0x130\n[ 136.616295] ? count_memcg_events.constprop.0+0x1a/0x30\n[ 136.616306] ? handle_mm_fault+0xae/0x2d0\n[ 136.616319] ? do_user_addr_fault+0x379/0x670\n[ 136.616328] ? clear_bhb_loop+0x45/0xa0\n[ 136.616340] ? clear_bhb_loop+0x45/0xa0\n[ 136.616349] ? clear_bhb_loop+0x45/0xa0\n[ 136.616359] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 136.616369] RIP: 0033:0x7fd30ba7b047\n[ 136.616376] Code: 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d bd d5 0c 00 00 41 89 ca 74 10 b8 2c 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 71 c3 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44\n[ 136.616381] RSP: 002b:00007ffde1796d68 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\n[ 136.616388] RAX: ffffffffffffffda RBX: 000055d7bd89f2a0 RCX: 00007fd30ba7b047\n[ 136.616392] RDX: 0000000000000028 RSI: 000055d7bd89f3b0 RDI: 0000000000000003\n[ 136.616396] RBP: 00007ffde1796e10 R08: 00007fd30bb4e200 R09: 000000000000000c\n[ 136.616399] R10: 0000000000000000 R11: 0000000000000202 R12: 000055d7bd89f340\n[ 136.616403] R13: 000055d7bd89f3b0 R14: 000055d78943f200 R15: 0000000000000000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38402",
"url": "https://www.suse.com/security/cve/CVE-2025-38402"
},
{
"category": "external",
"summary": "SUSE Bug 1247262 for CVE-2025-38402",
"url": "https://bugzilla.suse.com/1247262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38402"
},
{
"cve": "CVE-2025-38403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/vmci: Clear the vmci transport packet properly when initializing it\n\nIn vmci_transport_packet_init memset the vmci_transport_packet before\npopulating the fields to avoid any uninitialised data being left in the\nstructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38403",
"url": "https://www.suse.com/security/cve/CVE-2025-38403"
},
{
"category": "external",
"summary": "SUSE Bug 1247141 for CVE-2025-38403",
"url": "https://bugzilla.suse.com/1247141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38403"
},
{
"cve": "CVE-2025-38404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38404"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: displayport: Fix potential deadlock\n\nThe deadlock can occur due to a recursive lock acquisition of\n`cros_typec_altmode_data::mutex`.\nThe call chain is as follows:\n1. cros_typec_altmode_work() acquires the mutex\n2. typec_altmode_vdm() -\u003e dp_altmode_vdm() -\u003e\n3. typec_altmode_exit() -\u003e cros_typec_altmode_exit()\n4. cros_typec_altmode_exit() attempts to acquire the mutex again\n\nTo prevent this, defer the `typec_altmode_exit()` call by scheduling\nit rather than calling it directly from within the mutex-protected\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38404",
"url": "https://www.suse.com/security/cve/CVE-2025-38404"
},
{
"category": "external",
"summary": "SUSE Bug 1247271 for CVE-2025-38404",
"url": "https://bugzilla.suse.com/1247271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38404"
},
{
"cve": "CVE-2025-38405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38405"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix memory leak of bio integrity\n\nIf nvmet receives commands with metadata there is a continuous memory\nleak of kmalloc-128 slab or more precisely bio-\u003ebi_integrity.\n\nSince commit bf4c89fc8797 (\"block: don\u0027t call bio_uninit from bio_endio\")\neach user of bio_init has to use bio_uninit as well. Otherwise the bio\nintegrity is not getting free. Nvmet uses bio_init for inline bios.\n\nUninit the inline bio to complete deallocation of integrity in bio.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38405",
"url": "https://www.suse.com/security/cve/CVE-2025-38405"
},
{
"category": "external",
"summary": "SUSE Bug 1247270 for CVE-2025-38405",
"url": "https://bugzilla.suse.com/1247270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38405"
},
{
"cve": "CVE-2025-38406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38406"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: remove WARN on bad firmware input\n\nIf the firmware gives bad input, that\u0027s nothing to do with\nthe driver\u0027s stack at this point etc., so the WARN_ON()\ndoesn\u0027t add any value. Additionally, this is one of the\ntop syzbot reports now. Just print a message, and as an\nadded bonus, print the sizes too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38406",
"url": "https://www.suse.com/security/cve/CVE-2025-38406"
},
{
"category": "external",
"summary": "SUSE Bug 1247210 for CVE-2025-38406",
"url": "https://bugzilla.suse.com/1247210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38406"
},
{
"cve": "CVE-2025-38408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/irq_sim: Initialize work context pointers properly\n\nInitialize `ops` member\u0027s pointers properly by using kzalloc() instead of\nkmalloc() when allocating the simulation work context. Otherwise the\npointers contain random content leading to invalid dereferencing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38408",
"url": "https://www.suse.com/security/cve/CVE-2025-38408"
},
{
"category": "external",
"summary": "SUSE Bug 1247126 for CVE-2025-38408",
"url": "https://bugzilla.suse.com/1247126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38408"
},
{
"cve": "CVE-2025-38409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38409"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn\u0027t free the installed file, if we\u0027ve already done\nfd_install(). So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38409",
"url": "https://www.suse.com/security/cve/CVE-2025-38409"
},
{
"category": "external",
"summary": "SUSE Bug 1247285 for CVE-2025-38409",
"url": "https://bugzilla.suse.com/1247285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38409"
},
{
"cve": "CVE-2025-38410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38410"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix a fence leak in submit error path\n\nIn error paths, we could unref the submit without calling\ndrm_sched_entity_push_job(), so msm_job_free() will never get\ncalled. Since drm_sched_job_cleanup() will NULL out the\ns_fence, we can use that to detect this case.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653584/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38410",
"url": "https://www.suse.com/security/cve/CVE-2025-38410"
},
{
"category": "external",
"summary": "SUSE Bug 1247128 for CVE-2025-38410",
"url": "https://bugzilla.suse.com/1247128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38410"
},
{
"cve": "CVE-2025-38412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\n\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38412",
"url": "https://www.suse.com/security/cve/CVE-2025-38412"
},
{
"category": "external",
"summary": "SUSE Bug 1247132 for CVE-2025-38412",
"url": "https://bugzilla.suse.com/1247132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38412"
},
{
"cve": "CVE-2025-38413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38413"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: xsk: rx: fix the frame\u0027s length check\n\nWhen calling buf_to_xdp, the len argument is the frame data\u0027s length\nwithout virtio header\u0027s length (vi-\u003ehdr_len). We check that len with\n\n\txsk_pool_get_rx_frame_size() + vi-\u003ehdr_len\n\nto ensure the provided len does not larger than the allocated chunk\nsize. The additional vi-\u003ehdr_len is because in virtnet_add_recvbuf_xsk,\nwe use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost\nto start placing data from\n\n\thard_start + XDP_PACKET_HEADROOM - vi-\u003ehdr_len\nnot\n\thard_start + XDP_PACKET_HEADROOM\n\nBut the first buffer has virtio_header, so the maximum frame\u0027s length in\nthe first buffer can only be\n\n\txsk_pool_get_rx_frame_size()\nnot\n\txsk_pool_get_rx_frame_size() + vi-\u003ehdr_len\n\nlike in the current check.\n\nThis commit adds an additional argument to buf_to_xdp differentiate\nbetween the first buffer and other ones to correctly calculate the maximum\nframe\u0027s length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38413",
"url": "https://www.suse.com/security/cve/CVE-2025-38413"
},
{
"category": "external",
"summary": "SUSE Bug 1247131 for CVE-2025-38413",
"url": "https://bugzilla.suse.com/1247131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38413"
},
{
"cve": "CVE-2025-38414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850\n\nGCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash\non some specific platforms.\n\nSince this register is divergent for WCN7850 and QCN9274, move it to\nregister table to allow different definitions. Then correct the register\naddress for WCN7850 to fix this issue.\n\nNote IPQ5332 is not affected as it is not PCIe based device.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38414",
"url": "https://www.suse.com/security/cve/CVE-2025-38414"
},
{
"category": "external",
"summary": "SUSE Bug 1247145 for CVE-2025-38414",
"url": "https://bugzilla.suse.com/1247145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38414"
},
{
"cve": "CVE-2025-38415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk-\u003edevblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk-\u003edevblksize_log2 = ffz(~msblk-\u003edevblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk-\u003edevblksize is set to 0.\n\nAs a result, ffz(~msblk-\u003edevblksize) returns 64, and msblk-\u003edevblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka\n\u0027unsigned long long\u0027)\n\nThis commit adds a check for a 0 return by sb_min_blocksize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38415",
"url": "https://www.suse.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "SUSE Bug 1247147 for CVE-2025-38415",
"url": "https://bugzilla.suse.com/1247147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38415"
},
{
"cve": "CVE-2025-38416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38416"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty-\u003edisc_data only in success path\n\nSetting tty-\u003edisc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty-\u003edisc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty-\u003edisc_data won\u0027t be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty-\u003edisc_data=NULL\" in nci_uart_tty_open().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38416",
"url": "https://www.suse.com/security/cve/CVE-2025-38416"
},
{
"category": "external",
"summary": "SUSE Bug 1247151 for CVE-2025-38416",
"url": "https://bugzilla.suse.com/1247151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38416"
},
{
"cve": "CVE-2025-38417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38417"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix eswitch code memory leak in reset scenario\n\nAdd simple eswitch mode checker in attaching VF procedure and allocate\nrequired port representor memory structures only in switchdev mode.\nThe reset flows triggers VF (if present) detach/attach procedure.\nIt might involve VF port representor(s) re-creation if the device is\nconfigured is switchdev mode (not legacy one).\nThe memory was blindly allocated in current implementation,\nregardless of the mode and not freed if in legacy mode.\n\nKmemeleak trace:\nunreferenced object (percpu) 0x7e3bce5b888458 (size 40):\n comm \"bash\", pid 1784, jiffies 4295743894\n hex dump (first 32 bytes on cpu 45):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n pcpu_alloc_noprof+0x4c4/0x7c0\n ice_repr_create+0x66/0x130 [ice]\n ice_repr_create_vf+0x22/0x70 [ice]\n ice_eswitch_attach_vf+0x1b/0xa0 [ice]\n ice_reset_all_vfs+0x1dd/0x2f0 [ice]\n ice_pci_err_resume+0x3b/0xb0 [ice]\n pci_reset_function+0x8f/0x120\n reset_store+0x56/0xa0\n kernfs_fop_write_iter+0x120/0x1b0\n vfs_write+0x31c/0x430\n ksys_write+0x61/0xd0\n do_syscall_64+0x5b/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTesting hints (ethX is PF netdev):\n- create at least one VF\n echo 1 \u003e /sys/class/net/ethX/device/sriov_numvfs\n- trigger the reset\n echo 1 \u003e /sys/class/net/ethX/device/reset",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38417",
"url": "https://www.suse.com/security/cve/CVE-2025-38417"
},
{
"category": "external",
"summary": "SUSE Bug 1247282 for CVE-2025-38417",
"url": "https://bugzilla.suse.com/1247282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38417"
},
{
"cve": "CVE-2025-38418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38418"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Release rproc-\u003eclean_table after rproc_attach() fails\n\nWhen rproc-\u003estate = RPROC_DETACHED is attached to remote processor\nthrough rproc_attach(), if rproc_handle_resources() returns failure,\nthen the clean table should be released, otherwise the following\nmemory leak will occur.\n\nunreferenced object 0xffff000086a99800 (size 1024):\ncomm \"kworker/u12:3\", pid 59, jiffies 4294893670 (age 121.140s)\nhex dump (first 32 bytes):\n00 00 00 00 00 80 00 00 00 00 00 00 00 00 10 00 ............\n00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ............\nbacktrace:\n [\u003c000000008bbe4ca8\u003e] slab_post_alloc_hook+0x98/0x3fc\n [\u003c000000003b8a272b\u003e] __kmem_cache_alloc_node+0x13c/0x230\n [\u003c000000007a507c51\u003e] __kmalloc_node_track_caller+0x5c/0x260\n [\u003c0000000037818dae\u003e] kmemdup+0x34/0x60\n [\u003c00000000610f7f57\u003e] rproc_boot+0x35c/0x56c\n [\u003c0000000065f8871a\u003e] rproc_add+0x124/0x17c\n [\u003c00000000497416ee\u003e] imx_rproc_probe+0x4ec/0x5d4\n [\u003c000000003bcaa37d\u003e] platform_probe+0x68/0xd8\n [\u003c00000000771577f9\u003e] really_probe+0x110/0x27c\n [\u003c00000000531fea59\u003e] __driver_probe_device+0x78/0x12c\n [\u003c0000000080036a04\u003e] driver_probe_device+0x3c/0x118\n [\u003c000000007e0bddcb\u003e] __device_attach_driver+0xb8/0xf8\n [\u003c000000000cf1fa33\u003e] bus_for_each_drv+0x84/0xe4\n [\u003c000000001a53b53e\u003e] __device_attach+0xfc/0x18c\n [\u003c00000000d1a2a32c\u003e] device_initial_probe+0x14/0x20\n [\u003c00000000d8f8b7ae\u003e] bus_probe_device+0xb0/0xb4\n unreferenced object 0xffff0000864c9690 (size 16):",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38418",
"url": "https://www.suse.com/security/cve/CVE-2025-38418"
},
{
"category": "external",
"summary": "SUSE Bug 1247137 for CVE-2025-38418",
"url": "https://bugzilla.suse.com/1247137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38418"
},
{
"cve": "CVE-2025-38419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38419"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()\n\nWhen rproc-\u003estate = RPROC_DETACHED and rproc_attach() is used\nto attach to the remote processor, if rproc_handle_resources()\nreturns a failure, the resources allocated by imx_rproc_prepare()\nshould be released, otherwise the following memory leak will occur.\n\nSince almost the same thing is done in imx_rproc_prepare() and\nrproc_resource_cleanup(), Function rproc_resource_cleanup() is able\nto deal with empty lists so it is better to fix the \"goto\" statements\nin rproc_attach(). replace the \"unprepare_device\" goto statement with\n\"clean_up_resources\" and get rid of the \"unprepare_device\" label.\n\nunreferenced object 0xffff0000861c5d00 (size 128):\ncomm \"kworker/u12:3\", pid 59, jiffies 4294893509 (age 149.220s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 02 88 00 00 00 00 00 00 10 00 00 00 00 00 ............\nbacktrace:\n [\u003c00000000f949fe18\u003e] slab_post_alloc_hook+0x98/0x37c\n [\u003c00000000adbfb3e7\u003e] __kmem_cache_alloc_node+0x138/0x2e0\n [\u003c00000000521c0345\u003e] kmalloc_trace+0x40/0x158\n [\u003c000000004e330a49\u003e] rproc_mem_entry_init+0x60/0xf8\n [\u003c000000002815755e\u003e] imx_rproc_prepare+0xe0/0x180\n [\u003c0000000003f61b4e\u003e] rproc_boot+0x2ec/0x528\n [\u003c00000000e7e994ac\u003e] rproc_add+0x124/0x17c\n [\u003c0000000048594076\u003e] imx_rproc_probe+0x4ec/0x5d4\n [\u003c00000000efc298a1\u003e] platform_probe+0x68/0xd8\n [\u003c00000000110be6fe\u003e] really_probe+0x110/0x27c\n [\u003c00000000e245c0ae\u003e] __driver_probe_device+0x78/0x12c\n [\u003c00000000f61f6f5e\u003e] driver_probe_device+0x3c/0x118\n [\u003c00000000a7874938\u003e] __device_attach_driver+0xb8/0xf8\n [\u003c0000000065319e69\u003e] bus_for_each_drv+0x84/0xe4\n [\u003c00000000db3eb243\u003e] __device_attach+0xfc/0x18c\n [\u003c0000000072e4e1a4\u003e] device_initial_probe+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38419",
"url": "https://www.suse.com/security/cve/CVE-2025-38419"
},
{
"category": "external",
"summary": "SUSE Bug 1247136 for CVE-2025-38419",
"url": "https://bugzilla.suse.com/1247136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38419"
},
{
"cve": "CVE-2025-38420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38420"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: do not ping device which has failed to load firmware\n\nSyzkaller reports [1, 2] crashes caused by an attempts to ping\nthe device which has failed to load firmware. Since such a device\ndoesn\u0027t pass \u0027ieee80211_register_hw()\u0027, an internal workqueue\nmanaged by \u0027ieee80211_queue_work()\u0027 is not yet created and an\nattempt to queue work on it causes null-ptr-deref.\n\n[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff\n[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38420",
"url": "https://www.suse.com/security/cve/CVE-2025-38420"
},
{
"category": "external",
"summary": "SUSE Bug 1247279 for CVE-2025-38420",
"url": "https://bugzilla.suse.com/1247279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38420"
},
{
"cve": "CVE-2025-38421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38421"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd: pmf: Use device managed allocations\n\nIf setting up smart PC fails for any reason then this can lead to\na double free when unloading amd-pmf. This is because dev-\u003ebuf was\nfreed but never set to NULL and is again freed in amd_pmf_remove().\n\nTo avoid subtle allocation bugs in failures leading to a double free\nchange all allocations into device managed allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38421",
"url": "https://www.suse.com/security/cve/CVE-2025-38421"
},
{
"category": "external",
"summary": "SUSE Bug 1247130 for CVE-2025-38421",
"url": "https://bugzilla.suse.com/1247130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38421"
},
{
"cve": "CVE-2025-38424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38424"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix sample vs do_exit()\n\nBaisheng Gao reported an ARM64 crash, which Mark decoded as being a\nsynchronous external abort -- most likely due to trying to access\nMMIO in bad ways.\n\nThe crash further shows perf trying to do a user stack sample while in\nexit_mmap()\u0027s tlb_finish_mmu() -- i.e. while tearing down the address\nspace it is trying to access.\n\nIt turns out that we stop perf after we tear down the userspace mm; a\nreceipie for disaster, since perf likes to access userspace for\nvarious reasons.\n\nFlip this order by moving up where we stop perf in do_exit().\n\nAdditionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER\nto abort when the current task does not have an mm (exit_mm() makes\nsure to set current-\u003emm = NULL; before commencing with the actual\nteardown). Such that CPU wide events don\u0027t trip on this same problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38424",
"url": "https://www.suse.com/security/cve/CVE-2025-38424"
},
{
"category": "external",
"summary": "SUSE Bug 1247293 for CVE-2025-38424",
"url": "https://bugzilla.suse.com/1247293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38424"
},
{
"cve": "CVE-2025-38425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: check msg length in SMBUS block read\n\nFor SMBUS block read, do not continue to read if the message length\npassed from the device is \u00270\u0027 or greater than the maximum allowed bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38425",
"url": "https://www.suse.com/security/cve/CVE-2025-38425"
},
{
"category": "external",
"summary": "SUSE Bug 1247251 for CVE-2025-38425",
"url": "https://bugzilla.suse.com/1247251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38425"
},
{
"cve": "CVE-2025-38426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38426"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38426",
"url": "https://www.suse.com/security/cve/CVE-2025-38426"
},
{
"category": "external",
"summary": "SUSE Bug 1247252 for CVE-2025-38426",
"url": "https://bugzilla.suse.com/1247252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38426"
},
{
"cve": "CVE-2025-38427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38427"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: screen_info: Relocate framebuffers behind PCI bridges\n\nApply PCI host-bridge window offsets to screen_info framebuffers. Fixes\ninvalid access to I/O memory.\n\nResources behind a PCI host bridge can be relocated by a certain offset\nin the kernel\u0027s CPU address range used for I/O. The framebuffer memory\nrange stored in screen_info refers to the CPU addresses as seen during\nboot (where the offset is 0). During boot up, firmware may assign a\ndifferent memory offset to the PCI host bridge and thereby relocating\nthe framebuffer address of the PCI graphics device as seen by the kernel.\nThe information in screen_info must be updated as well.\n\nThe helper pcibios_bus_to_resource() performs the relocation of the\nscreen_info\u0027s framebuffer resource (given in PCI bus addresses). The\nresult matches the I/O-memory resource of the PCI graphics device (given\nin CPU addresses). As before, we store away the information necessary to\nlater update the information in screen_info itself.\n\nCommit 78aa89d1dfba (\"firmware/sysfb: Update screen_info for relocated\nEFI framebuffers\") added the code for updating screen_info. It is based\non similar functionality that pre-existed in efifb. Efifb uses a pointer\nto the PCI resource, while the newer code does a memcpy of the region.\nHence efifb sees any updates to the PCI resource and avoids the issue.\n\nv3:\n- Only use struct pci_bus_region for PCI bus addresses (Bjorn)\n- Clarify address semantics in commit messages and comments (Bjorn)\nv2:\n- Fixed tags (Takashi, Ivan)\n- Updated information on efifb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38427",
"url": "https://www.suse.com/security/cve/CVE-2025-38427"
},
{
"category": "external",
"summary": "SUSE Bug 1247152 for CVE-2025-38427",
"url": "https://bugzilla.suse.com/1247152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38427"
},
{
"cve": "CVE-2025-38428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38428"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: ims-pcu - check record size in ims_pcu_flash_firmware()\n\nThe \"len\" variable comes from the firmware and we generally do\ntrust firmware, but it\u0027s always better to double check. If the \"len\"\nis too large it could result in memory corruption when we do\n\"memcpy(fragment-\u003edata, rec-\u003edata, len);\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38428",
"url": "https://www.suse.com/security/cve/CVE-2025-38428"
},
{
"category": "external",
"summary": "SUSE Bug 1247150 for CVE-2025-38428",
"url": "https://bugzilla.suse.com/1247150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38428"
},
{
"cve": "CVE-2025-38429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38429"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: ep: Update read pointer only after buffer is written\n\nInside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated\nbefore the buffer is written, potentially causing race conditions where\nthe host sees an updated read pointer before the buffer is actually\nwritten. Updating rd_offset prematurely can lead to the host accessing\nan uninitialized or incomplete element, resulting in data corruption.\n\nInvoke the buffer write before updating rd_offset to ensure the element\nis fully written before signaling its availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38429",
"url": "https://www.suse.com/security/cve/CVE-2025-38429"
},
{
"category": "external",
"summary": "SUSE Bug 1247253 for CVE-2025-38429",
"url": "https://bugzilla.suse.com/1247253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38429"
},
{
"cve": "CVE-2025-38430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38430"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\n\nIf the request being processed is not a v4 compound request, then\nexamining the cstate can have undefined results.\n\nThis patch adds a check that the rpc procedure being executed\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38430",
"url": "https://www.suse.com/security/cve/CVE-2025-38430"
},
{
"category": "external",
"summary": "SUSE Bug 1247160 for CVE-2025-38430",
"url": "https://bugzilla.suse.com/1247160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38430"
},
{
"cve": "CVE-2025-38436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38436"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A\u0027s job depends on a\nscheduled fence from application B\u0027s job, and that fence is not properly\nsignaled during the killing process, application A\u0027s dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38436",
"url": "https://www.suse.com/security/cve/CVE-2025-38436"
},
{
"category": "external",
"summary": "SUSE Bug 1247227 for CVE-2025-38436",
"url": "https://bugzilla.suse.com/1247227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38436"
},
{
"cve": "CVE-2025-38438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38438"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.\n\nsof_pdata-\u003etplg_filename can have address allocated by kstrdup()\nand can be overwritten. Memory leak was detected with kmemleak:\n\nunreferenced object 0xffff88812391ff60 (size 16):\n comm \"kworker/4:1\", pid 161, jiffies 4294802931\n hex dump (first 16 bytes):\n 73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00 sof-hda-generic.\n backtrace (crc 4bf1675c):\n __kmalloc_node_track_caller_noprof+0x49c/0x6b0\n kstrdup+0x46/0xc0\n hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic]\n sof_init_environment+0x16f/0xb50 [snd_sof]\n sof_probe_continue+0x45/0x7c0 [snd_sof]\n sof_probe_work+0x1e/0x40 [snd_sof]\n process_one_work+0x894/0x14b0\n worker_thread+0x5e5/0xfb0\n kthread+0x39d/0x760\n ret_from_fork+0x31/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38438",
"url": "https://www.suse.com/security/cve/CVE-2025-38438"
},
{
"category": "external",
"summary": "SUSE Bug 1247157 for CVE-2025-38438",
"url": "https://bugzilla.suse.com/1247157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38438"
},
{
"cve": "CVE-2025-38439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38439"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Set DMA unmap len correctly for XDP_REDIRECT\n\nWhen transmitting an XDP_REDIRECT packet, call dma_unmap_len_set()\nwith the proper length instead of 0. This bug triggers this warning\non a system with IOMMU enabled:\n\nWARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170\nRIP: 0010:__iommu_dma_unmap+0x159/0x170\nCode: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c 89 45\nb8 4c 89 45 c0 e9 77 ff ff ff \u003c0f\u003e 0b e9 60 ff ff ff e8 8b bf 6a 00 66 66 2e 0f 1f 84 00 00 00 00\nRSP: 0018:ff22d31181150c88 EFLAGS: 00010206\nRAX: 0000000000002000 RBX: 00000000e13a0000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ff22d31181150cf0 R08: ff22d31181150ca8 R09: 0000000000000000\nR10: 0000000000000000 R11: ff22d311d36c9d80 R12: 0000000000001000\nR13: ff13544d10645010 R14: ff22d31181150c90 R15: ff13544d0b2bac00\nFS: 0000000000000000(0000) GS:ff13550908a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005be909dacff8 CR3: 0008000173408003 CR4: 0000000000f71ef0\nPKRU: 55555554\nCall Trace:\n\u003cIRQ\u003e\n? show_regs+0x6d/0x80\n? __warn+0x89/0x160\n? __iommu_dma_unmap+0x159/0x170\n? report_bug+0x17e/0x1b0\n? handle_bug+0x46/0x90\n? exc_invalid_op+0x18/0x80\n? asm_exc_invalid_op+0x1b/0x20\n? __iommu_dma_unmap+0x159/0x170\n? __iommu_dma_unmap+0xb3/0x170\niommu_dma_unmap_page+0x4f/0x100\ndma_unmap_page_attrs+0x52/0x220\n? srso_alias_return_thunk+0x5/0xfbef5\n? xdp_return_frame+0x2e/0xd0\nbnxt_tx_int_xdp+0xdf/0x440 [bnxt_en]\n__bnxt_poll_work_done+0x81/0x1e0 [bnxt_en]\nbnxt_poll+0xd3/0x1e0 [bnxt_en]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38439",
"url": "https://www.suse.com/security/cve/CVE-2025-38439"
},
{
"category": "external",
"summary": "SUSE Bug 1247155 for CVE-2025-38439",
"url": "https://bugzilla.suse.com/1247155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38439"
},
{
"cve": "CVE-2025-38440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38440"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix race between DIM disable and net_dim()\n\nThere\u0027s a race between disabling DIM and NAPI callbacks using the dim\npointer on the RQ or SQ.\n\nIf NAPI checks the DIM state bit and sees it still set, it assumes\n`rq-\u003edim` or `sq-\u003edim` is valid. But if DIM gets disabled right after\nthat check, the pointer might already be set to NULL, leading to a NULL\npointer dereference in net_dim().\n\nFix this by calling `synchronize_net()` before freeing the DIM context.\nThis ensures all in-progress NAPI callbacks are finished before the\npointer is cleared.\n\nKernel log:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nRIP: 0010:net_dim+0x23/0x190\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x150/0x3e0\n ? common_interrupt+0xf/0xa0\n ? sysvec_call_function_single+0xb/0x90\n ? exc_page_fault+0x74/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? net_dim+0x23/0x190\n ? mlx5e_poll_ico_cq+0x41/0x6f0 [mlx5_core]\n ? sysvec_apic_timer_interrupt+0xb/0x90\n mlx5e_handle_rx_dim+0x92/0xd0 [mlx5_core]\n mlx5e_napi_poll+0x2cd/0xac0 [mlx5_core]\n ? mlx5e_poll_ico_cq+0xe5/0x6f0 [mlx5_core]\n busy_poll_stop+0xa2/0x200\n ? mlx5e_napi_poll+0x1d9/0xac0 [mlx5_core]\n ? mlx5e_trigger_irq+0x130/0x130 [mlx5_core]\n __napi_busy_loop+0x345/0x3b0\n ? sysvec_call_function_single+0xb/0x90\n ? asm_sysvec_call_function_single+0x16/0x20\n ? sysvec_apic_timer_interrupt+0xb/0x90\n ? pcpu_free_area+0x1e4/0x2e0\n napi_busy_loop+0x11/0x20\n xsk_recvmsg+0x10c/0x130\n sock_recvmsg+0x44/0x70\n __sys_recvfrom+0xbc/0x130\n ? __schedule+0x398/0x890\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n...\n---[ end trace 0000000000000000 ]---\n...\n---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38440",
"url": "https://www.suse.com/security/cve/CVE-2025-38440"
},
{
"category": "external",
"summary": "SUSE Bug 1247290 for CVE-2025-38440",
"url": "https://bugzilla.suse.com/1247290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38440"
},
{
"cve": "CVE-2025-38441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38441"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()\n\nsyzbot found a potential access to uninit-value in nf_flow_pppoe_proto()\n\nBlamed commit forgot the Ethernet header.\n\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]\n nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5742 [inline]\n __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837\n __netif_receive_skb_one_core net/core/dev.c:5975 [inline]\n __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090\n netif_receive_skb_internal net/core/dev.c:6176 [inline]\n netif_receive_skb+0x57/0x630 net/core/dev.c:6235\n tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485\n tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938\n tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0xb4b/0x1580 fs/read_write.c:686\n ksys_write fs/read_write.c:738 [inline]\n __do_sys_write fs/read_write.c:749 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38441",
"url": "https://www.suse.com/security/cve/CVE-2025-38441"
},
{
"category": "external",
"summary": "SUSE Bug 1247167 for CVE-2025-38441",
"url": "https://bugzilla.suse.com/1247167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38441"
},
{
"cve": "CVE-2025-38443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38443"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_genl_connect() error path\n\nThere is a use-after-free issue in nbd:\n\nblock nbd6: Receive control failed (result -104)\nblock nbd6: shutting down sockets\n==================================================================\nBUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022\nWrite of size 4 at addr ffff8880295de478 by task kworker/u33:0/67\n\nCPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: nbd6-recv recv_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline]\n recv_work+0x694/0xa80 drivers/block/nbd.c:1022\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nnbd_genl_connect() does not properly stop the device on certain\nerror paths after nbd_start_device() has been called. This causes\nthe error path to put nbd-\u003econfig while recv_work continue to use\nthe config after putting it, leading to use-after-free in recv_work.\n\nThis patch moves nbd_start_device() after the backend file creation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38443",
"url": "https://www.suse.com/security/cve/CVE-2025-38443"
},
{
"category": "external",
"summary": "SUSE Bug 1247164 for CVE-2025-38443",
"url": "https://bugzilla.suse.com/1247164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38443"
},
{
"cve": "CVE-2025-38444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38444"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nraid10: cleanup memleak at raid10_make_request\n\nIf raid10_read_request or raid10_write_request registers a new\nrequest and the REQ_NOWAIT flag is set, the code does not\nfree the malloc from the mempool.\n\nunreferenced object 0xffff8884802c3200 (size 192):\n comm \"fio\", pid 9197, jiffies 4298078271\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00 .........A......\n 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc c1a049a2):\n __kmalloc+0x2bb/0x450\n mempool_alloc+0x11b/0x320\n raid10_make_request+0x19e/0x650 [raid10]\n md_handle_request+0x3b3/0x9e0\n __submit_bio+0x394/0x560\n __submit_bio_noacct+0x145/0x530\n submit_bio_noacct_nocheck+0x682/0x830\n __blkdev_direct_IO_async+0x4dc/0x6b0\n blkdev_read_iter+0x1e5/0x3b0\n __io_read+0x230/0x1110\n io_read+0x13/0x30\n io_issue_sqe+0x134/0x1180\n io_submit_sqes+0x48c/0xe90\n __do_sys_io_uring_enter+0x574/0x8b0\n do_syscall_64+0x5c/0xe0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nV4: changing backing tree to see if CKI tests will pass.\nThe patch code has not changed between any versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38444",
"url": "https://www.suse.com/security/cve/CVE-2025-38444"
},
{
"category": "external",
"summary": "SUSE Bug 1247162 for CVE-2025-38444",
"url": "https://bugzilla.suse.com/1247162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38444"
},
{
"cve": "CVE-2025-38445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38445"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: Fix stack memory use after return in raid1_reshape\n\nIn the raid1_reshape function, newpool is\nallocated on the stack and assigned to conf-\u003er1bio_pool.\nThis results in conf-\u003er1bio_pool.wait.head pointing\nto a stack address.\nAccessing this address later can lead to a kernel panic.\n\nExample access path:\n\nraid1_reshape()\n{\n\t// newpool is on the stack\n\tmempool_t newpool, oldpool;\n\t// initialize newpool.wait.head to stack address\n\tmempool_init(\u0026newpool, ...);\n\tconf-\u003er1bio_pool = newpool;\n}\n\nraid1_read_request() or raid1_write_request()\n{\n\talloc_r1bio()\n\t{\n\t\tmempool_alloc()\n\t\t{\n\t\t\t// if pool-\u003ealloc fails\n\t\t\tremove_element()\n\t\t\t{\n\t\t\t\t--pool-\u003ecurr_nr;\n\t\t\t}\n\t\t}\n\t}\n}\n\nmempool_free()\n{\n\tif (pool-\u003ecurr_nr \u003c pool-\u003emin_nr) {\n\t\t// pool-\u003ewait.head is a stack address\n\t\t// wake_up() will try to access this invalid address\n\t\t// which leads to a kernel panic\n\t\treturn;\n\t\twake_up(\u0026pool-\u003ewait);\n\t}\n}\n\nFix:\nreinit conf-\u003er1bio_pool.wait after assigning newpool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38445",
"url": "https://www.suse.com/security/cve/CVE-2025-38445"
},
{
"category": "external",
"summary": "SUSE Bug 1247229 for CVE-2025-38445",
"url": "https://bugzilla.suse.com/1247229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38445"
},
{
"cve": "CVE-2025-38446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38446"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data\n\nWhen num_parents is 4, __clk_register() occurs an out-of-bounds\nwhen accessing parent_names member. Use ARRAY_SIZE() instead of\nhardcode number here.\n\n BUG: KASAN: global-out-of-bounds in __clk_register+0x1844/0x20d8\n Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59\n Hardware name: NXP i.MX95 19X19 board (DT)\n Workqueue: events_unbound deferred_probe_work_func\n Call trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x8c/0xcc\n print_report+0x398/0x5fc\n kasan_report+0xd4/0x114\n __asan_report_load8_noabort+0x20/0x2c\n __clk_register+0x1844/0x20d8\n clk_hw_register+0x44/0x110\n __clk_hw_register_mux+0x284/0x3a8\n imx95_bc_probe+0x4f4/0xa70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38446",
"url": "https://www.suse.com/security/cve/CVE-2025-38446"
},
{
"category": "external",
"summary": "SUSE Bug 1247231 for CVE-2025-38446",
"url": "https://bugzilla.suse.com/1247231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38446"
},
{
"cve": "CVE-2025-38448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38448"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix race condition in TTY wakeup\n\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\n\nUse the null-safe TTY Port helper function to wake up TTY.\n\nExample\n CPU1:\t\t\t CPU2:\n gserial_connect() // lock\n \t\t\t gs_close() // await lock\n gs_start_rx() // unlock\n usb_ep_queue()\n \t\t\t gs_close() // lock, reset port.tty and unlock\n gs_start_rx() // lock\n tty_wakeup() // NPE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38448",
"url": "https://www.suse.com/security/cve/CVE-2025-38448"
},
{
"category": "external",
"summary": "SUSE Bug 1247233 for CVE-2025-38448",
"url": "https://bugzilla.suse.com/1247233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38448"
},
{
"cve": "CVE-2025-38449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38449"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \u003cTASK\u003e\n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer\u0027s GEM buffer objects prevents\nthis from happening. The framebuffer\u0027s cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38449",
"url": "https://www.suse.com/security/cve/CVE-2025-38449"
},
{
"category": "external",
"summary": "SUSE Bug 1247255 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "external",
"summary": "SUSE Bug 1247258 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38449"
},
{
"cve": "CVE-2025-38450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38450"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload()\n\nAdd a NULL check for msta-\u003evif before accessing its members to prevent\na kernel panic in AP mode deployment. This also fix the issue reported\nin [1].\n\nThe crash occurs when this function is triggered before the station is\nfully initialized. The call trace shows a page fault at\nmt7925_sta_set_decap_offload() due to accessing resources when msta-\u003evif\nis NULL.\n\nFix this by adding an early return if msta-\u003evif is NULL and also check\nwcid.sta is ready. This ensures we only proceed with decap offload\nconfiguration when the station\u0027s state is properly initialized.\n\n[14739.655703] Unable to handle kernel paging request at virtual address ffffffffffffffa0\n[14739.811820] CPU: 0 UID: 0 PID: 895854 Comm: hostapd Tainted: G\n[14739.821394] Tainted: [C]=CRAP, [O]=OOT_MODULE\n[14739.825746] Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n[14739.831577] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[14739.838538] pc : mt7925_sta_set_decap_offload+0xc0/0x1b8 [mt7925_common]\n[14739.845271] lr : mt7925_sta_set_decap_offload+0x58/0x1b8 [mt7925_common]\n[14739.851985] sp : ffffffc085efb500\n[14739.855295] x29: ffffffc085efb500 x28: 0000000000000000 x27: ffffff807803a158\n[14739.862436] x26: ffffff8041ececb8 x25: 0000000000000001 x24: 0000000000000001\n[14739.869577] x23: 0000000000000001 x22: 0000000000000008 x21: ffffff8041ecea88\n[14739.876715] x20: ffffff8041c19ca0 x19: ffffff8078031fe0 x18: 0000000000000000\n[14739.883853] x17: 0000000000000000 x16: ffffffe2aeac1110 x15: 000000559da48080\n[14739.890991] x14: 0000000000000001 x13: 0000000000000000 x12: 0000000000000000\n[14739.898130] x11: 0a10020001008e88 x10: 0000000000001a50 x9 : ffffffe26457bfa0\n[14739.905269] x8 : ffffff8042013bb0 x7 : ffffff807fb6cbf8 x6 : dead000000000100\n[14739.912407] x5 : dead000000000122 x4 : ffffff80780326c8 x3 : 0000000000000000\n[14739.919546] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff8041ececb8\n[14739.926686] Call trace:\n[14739.929130] mt7925_sta_set_decap_offload+0xc0/0x1b8 [mt7925_common]\n[14739.935505] ieee80211_check_fast_rx+0x19c/0x510 [mac80211]\n[14739.941344] _sta_info_move_state+0xe4/0x510 [mac80211]\n[14739.946860] sta_info_move_state+0x1c/0x30 [mac80211]\n[14739.952116] sta_apply_auth_flags.constprop.0+0x90/0x1b0 [mac80211]\n[14739.958708] sta_apply_parameters+0x234/0x5e0 [mac80211]\n[14739.964332] ieee80211_add_station+0xdc/0x190 [mac80211]\n[14739.969950] nl80211_new_station+0x46c/0x670 [cfg80211]\n[14739.975516] genl_family_rcv_msg_doit+0xdc/0x150\n[14739.980158] genl_rcv_msg+0x218/0x298\n[14739.983830] netlink_rcv_skb+0x64/0x138\n[14739.987670] genl_rcv+0x40/0x60\n[14739.990816] netlink_unicast+0x314/0x380\n[14739.994742] netlink_sendmsg+0x198/0x3f0\n[14739.998664] __sock_sendmsg+0x64/0xc0\n[14740.002324] ____sys_sendmsg+0x260/0x298\n[14740.006242] ___sys_sendmsg+0xb4/0x110",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38450",
"url": "https://www.suse.com/security/cve/CVE-2025-38450"
},
{
"category": "external",
"summary": "SUSE Bug 1247376 for CVE-2025-38450",
"url": "https://bugzilla.suse.com/1247376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38450"
},
{
"cve": "CVE-2025-38451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38451"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: fix GPF in bitmap_get_stats()\n\nThe commit message of commit 6ec1f0239485 (\"md/md-bitmap: fix stats\ncollection for external bitmaps\") states:\n\n Remove the external bitmap check as the statistics should be\n available regardless of bitmap storage location.\n\n Return -EINVAL only for invalid bitmap with no storage (neither in\n superblock nor in external file).\n\nBut, the code does not adhere to the above, as it does only check for\na valid super-block for \"internal\" bitmaps. Hence, we observe:\n\nOops: GPF, probably for non-canonical address 0x1cd66f1f40000028\nRIP: 0010:bitmap_get_stats+0x45/0xd0\nCall Trace:\n\n seq_read_iter+0x2b9/0x46a\n seq_read+0x12f/0x180\n proc_reg_read+0x57/0xb0\n vfs_read+0xf6/0x380\n ksys_read+0x6d/0xf0\n do_syscall_64+0x8c/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nWe fix this by checking the existence of a super-block for both the\ninternal and external case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38451",
"url": "https://www.suse.com/security/cve/CVE-2025-38451"
},
{
"category": "external",
"summary": "SUSE Bug 1247102 for CVE-2025-38451",
"url": "https://bugzilla.suse.com/1247102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38451"
},
{
"cve": "CVE-2025-38453",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38453"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU\n\nsyzbot reports that defer/local task_work adding via msg_ring can hit\na request that has been freed:\n\nCPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n io_req_local_work_add io_uring/io_uring.c:1184 [inline]\n __io_req_task_work_add+0x589/0x950 io_uring/io_uring.c:1252\n io_msg_remote_post io_uring/msg_ring.c:103 [inline]\n io_msg_data_remote io_uring/msg_ring.c:133 [inline]\n __io_msg_ring_data+0x820/0xaa0 io_uring/msg_ring.c:151\n io_msg_ring_data io_uring/msg_ring.c:173 [inline]\n io_msg_ring+0x134/0xa00 io_uring/msg_ring.c:314\n __io_issue_sqe+0x17e/0x4b0 io_uring/io_uring.c:1739\n io_issue_sqe+0x165/0xfd0 io_uring/io_uring.c:1762\n io_wq_submit_work+0x6e9/0xb90 io_uring/io_uring.c:1874\n io_worker_handle_work+0x7cd/0x1180 io_uring/io-wq.c:642\n io_wq_worker+0x42f/0xeb0 io_uring/io-wq.c:696\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nwhich is supposed to be safe with how requests are allocated. But msg\nring requests alloc and free on their own, and hence must defer freeing\nto a sane time.\n\nAdd an rcu_head and use kfree_rcu() in both spots where requests are\nfreed. Only the one in io_msg_tw_complete() is strictly required as it\nhas been visible on the other ring, but use it consistently in the other\nspot as well.\n\nThis should not cause any other issues outside of KASAN rightfully\ncomplaining about it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38453",
"url": "https://www.suse.com/security/cve/CVE-2025-38453"
},
{
"category": "external",
"summary": "SUSE Bug 1247234 for CVE-2025-38453",
"url": "https://bugzilla.suse.com/1247234"
},
{
"category": "external",
"summary": "SUSE Bug 1247737 for CVE-2025-38453",
"url": "https://bugzilla.suse.com/1247737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38453"
},
{
"cve": "CVE-2025-38454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38454"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp()\n\nUse pr_warn() instead of dev_warn() when \u0027pdev\u0027 is NULL to avoid a\npotential NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38454",
"url": "https://www.suse.com/security/cve/CVE-2025-38454"
},
{
"category": "external",
"summary": "SUSE Bug 1247426 for CVE-2025-38454",
"url": "https://bugzilla.suse.com/1247426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38454"
},
{
"cve": "CVE-2025-38455",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38455"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight\n\nReject migration of SEV{-ES} state if either the source or destination VM\nis actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the\nsection between incrementing created_vcpus and online_vcpus. The bulk of\nvCPU creation runs _outside_ of kvm-\u003elock to allow creating multiple vCPUs\nin parallel, and so sev_info.es_active can get toggled from false=\u003etrue in\nthe destination VM after (or during) svm_vcpu_create(), resulting in an\nSEV{-ES} VM effectively having a non-SEV{-ES} vCPU.\n\nThe issue manifests most visibly as a crash when trying to free a vCPU\u0027s\nNULL VMSA page in an SEV-ES VM, but any number of things can go wrong.\n\n BUG: unable to handle page fault for address: ffffebde00000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n CPU: 227 UID: 0 PID: 64063 Comm: syz.5.60023 Tainted: G U O 6.15.0-smp-DEV #2 NONE\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]\n RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]\n RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]\n RIP: 0010:PageHead include/linux/page-flags.h:866 [inline]\n RIP: 0010:___free_pages+0x3e/0x120 mm/page_alloc.c:5067\n Code: \u003c49\u003e f7 06 40 00 00 00 75 05 45 31 ff eb 0c 66 90 4c 89 f0 4c 39 f0\n RSP: 0018:ffff8984551978d0 EFLAGS: 00010246\n RAX: 0000777f80000001 RBX: 0000000000000000 RCX: ffffffff918aeb98\n RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffebde00000000\n RBP: 0000000000000000 R08: ffffebde00000007 R09: 1ffffd7bc0000000\n R10: dffffc0000000000 R11: fffff97bc0000001 R12: dffffc0000000000\n R13: ffff8983e19751a8 R14: ffffebde00000000 R15: 1ffffd7bc0000000\n FS: 0000000000000000(0000) GS:ffff89ee661d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffebde00000000 CR3: 000000793ceaa000 CR4: 0000000000350ef0\n DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n sev_free_vcpu+0x413/0x630 arch/x86/kvm/svm/sev.c:3169\n svm_vcpu_free+0x13a/0x2a0 arch/x86/kvm/svm/svm.c:1515\n kvm_arch_vcpu_destroy+0x6a/0x1d0 arch/x86/kvm/x86.c:12396\n kvm_vcpu_destroy virt/kvm/kvm_main.c:470 [inline]\n kvm_destroy_vcpus+0xd1/0x300 virt/kvm/kvm_main.c:490\n kvm_arch_destroy_vm+0x636/0x820 arch/x86/kvm/x86.c:12895\n kvm_put_kvm+0xb8e/0xfb0 virt/kvm/kvm_main.c:1310\n kvm_vm_release+0x48/0x60 virt/kvm/kvm_main.c:1369\n __fput+0x3e4/0x9e0 fs/file_table.c:465\n task_work_run+0x1a9/0x220 kernel/task_work.c:227\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x7f0/0x25b0 kernel/exit.c:953\n do_group_exit+0x203/0x2d0 kernel/exit.c:1102\n get_signal+0x1357/0x1480 kernel/signal.c:3034\n arch_do_signal_or_restart+0x40/0x690 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x67/0xb0 kernel/entry/common.c:218\n do_syscall_64+0x7c/0x150 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f87a898e969\n \u003c/TASK\u003e\n Modules linked in: gq(O)\n gsmi: Log Shutdown Reason 0x03\n CR2: ffffebde00000000\n ---[ end trace 0000000000000000 ]---\n\nDeliberately don\u0027t check for a NULL VMSA when freeing the vCPU, as crashing\nthe host is likely desirable due to the VMSA being consumed by hardware.\nE.g. if KVM manages to allow VMRUN on the vCPU, hardware may read/write a\nbogus VMSA page. Accessing P\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38455",
"url": "https://www.suse.com/security/cve/CVE-2025-38455"
},
{
"category": "external",
"summary": "SUSE Bug 1247101 for CVE-2025-38455",
"url": "https://bugzilla.suse.com/1247101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38455"
},
{
"cve": "CVE-2025-38456",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38456"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:msghandler: Fix potential memory corruption in ipmi_create_user()\n\nThe \"intf\" list iterator is an invalid pointer if the correct\n\"intf-\u003eintf_num\" is not found. Calling atomic_dec(\u0026intf-\u003enr_users) on\nand invalid pointer will lead to memory corruption.\n\nWe don\u0027t really need to call atomic_dec() if we haven\u0027t called\natomic_add_return() so update the if (intf-\u003ein_shutdown) path as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38456",
"url": "https://www.suse.com/security/cve/CVE-2025-38456"
},
{
"category": "external",
"summary": "SUSE Bug 1247099 for CVE-2025-38456",
"url": "https://bugzilla.suse.com/1247099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38456"
},
{
"cve": "CVE-2025-38457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38457"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\n\nLion\u0027s patch [1] revealed an ancient bug in the qdisc API.\nWhenever a user creates/modifies a qdisc specifying as a parent another\nqdisc, the qdisc API will, during grafting, detect that the user is\nnot trying to attach to a class and reject. However grafting is\nperformed after qdisc_create (and thus the qdiscs\u0027 init callback) is\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\nduring init or change (such as fq, hhf, choke, etc), an issue\narises. For example, executing the following commands:\n\nsudo tc qdisc add dev lo root handle a: htb default 2\nsudo tc qdisc add dev lo parent a: handle beef fq\n\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\nqdisc_tree_reduce_backlog() in their control path init() or change() which\nthen causes a failure to find the child class; however, that does not stop\nthe unconditional invocation of the assumed child qdisc\u0027s qlen_notify with\na null class. All these qdiscs make the assumption that class is non-null.\n\nThe solution is ensure that qdisc_leaf() which looks up the parent\nclass, and is invoked prior to qdisc_create(), should return failure on\nnot finding the class.\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\nparentid doesn\u0027t correspond to a class, so that we can detect it\nearlier on and abort before qdisc_create is called.\n\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38457",
"url": "https://www.suse.com/security/cve/CVE-2025-38457"
},
{
"category": "external",
"summary": "SUSE Bug 1247098 for CVE-2025-38457",
"url": "https://bugzilla.suse.com/1247098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38457"
},
{
"cve": "CVE-2025-38458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38458"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix NULL pointer dereference in vcc_sendmsg()\n\natmarpd_dev_ops does not implement the send method, which may cause crash\nas bellow.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: Oops: 0010 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at 0xffffffffffffffd6.\nRSP: 0018:ffffc9000d3cf778 EFLAGS: 00010246\nRAX: 1ffffffff1910dd1 RBX: 00000000000000c0 RCX: dffffc0000000000\nRDX: ffffc9000dc82000 RSI: ffff88803e4c4640 RDI: ffff888052cd0000\nRBP: ffffc9000d3cf8d0 R08: ffff888052c9143f R09: 1ffff1100a592287\nR10: dffffc0000000000 R11: 0000000000000000 R12: 1ffff92001a79f00\nR13: ffff888052cd0000 R14: ffff88803e4c4640 R15: ffffffff8c886e88\nFS: 00007fbc762566c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffffffffd6 CR3: 0000000041f1b000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc50 net/atm/common.c:644\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n ____sys_sendmsg+0x52d/0x830 net/socket.c:2566\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620\n __sys_sendmmsg+0x227/0x430 net/socket.c:2709\n __do_sys_sendmmsg net/socket.c:2736 [inline]\n __se_sys_sendmmsg net/socket.c:2733 [inline]\n __x64_sys_sendmmsg+0xa0/0xc0 net/socket.c:2733\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38458",
"url": "https://www.suse.com/security/cve/CVE-2025-38458"
},
{
"category": "external",
"summary": "SUSE Bug 1247116 for CVE-2025-38458",
"url": "https://bugzilla.suse.com/1247116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38458"
},
{
"cve": "CVE-2025-38459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38459"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix infinite recursive call of clip_push().\n\nsyzbot reported the splat below. [0]\n\nThis happens if we call ioctl(ATMARP_MKIP) more than once.\n\nDuring the first call, clip_mkip() sets clip_push() to vcc-\u003epush(),\nand the second call copies it to clip_vcc-\u003eold_push().\n\nLater, when the socket is close()d, vcc_destroy_socket() passes\nNULL skb to clip_push(), which calls clip_vcc-\u003eold_push(),\ntriggering the infinite recursion.\n\nLet\u0027s prevent the second ioctl(ATMARP_MKIP) by checking\nvcc-\u003euser_back, which is allocated by the first call as clip_vcc.\n\nNote also that we use lock_sock() to prevent racy calls.\n\n[0]:\nBUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000)\nOops: stack guard page: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191\nCode: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 \u003c41\u003e 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 f3 49 89 fd 48 bd 00\nRSP: 0018:ffffc9000d670000 EFLAGS: 00010246\nRAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000\nRBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e\nR10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300\nR13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578\nFS: 000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n...\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n vcc_destroy_socket net/atm/common.c:183 [inline]\n vcc_release+0x157/0x460 net/atm/common.c:205\n __sock_release net/socket.c:647 [inline]\n sock_close+0xc0/0x240 net/socket.c:1391\n __fput+0x449/0xa70 fs/file_table.c:465\n task_work_run+0x1d1/0x260 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114\n exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]\n do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff31c98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 0000000000012747 RCX: 00007ff31c98e929\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226f\nR10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608c\nR13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38459",
"url": "https://www.suse.com/security/cve/CVE-2025-38459"
},
{
"category": "external",
"summary": "SUSE Bug 1247119 for CVE-2025-38459",
"url": "https://bugzilla.suse.com/1247119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38459"
},
{
"cve": "CVE-2025-38460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38460"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet\u0027s use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38460",
"url": "https://www.suse.com/security/cve/CVE-2025-38460"
},
{
"category": "external",
"summary": "SUSE Bug 1247143 for CVE-2025-38460",
"url": "https://bugzilla.suse.com/1247143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38460"
},
{
"cve": "CVE-2025-38461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38461"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_* TOCTOU\n\nTransport assignment may race with module unload. Protect new_transport\nfrom becoming a stale pointer.\n\nThis also takes care of an insecure call in vsock_use_local_transport();\nadd a lockdep assert.\n\nBUG: unable to handle page fault for address: fffffbfff8056000\nOops: Oops: 0000 [#1] SMP KASAN\nRIP: 0010:vsock_assign_transport+0x366/0x600\nCall Trace:\n vsock_connect+0x59c/0xc40\n __sys_connect+0xe8/0x100\n __x64_sys_connect+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38461",
"url": "https://www.suse.com/security/cve/CVE-2025-38461"
},
{
"category": "external",
"summary": "SUSE Bug 1247103 for CVE-2025-38461",
"url": "https://bugzilla.suse.com/1247103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38461"
},
{
"cve": "CVE-2025-38462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38462"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38462",
"url": "https://www.suse.com/security/cve/CVE-2025-38462"
},
{
"category": "external",
"summary": "SUSE Bug 1247104 for CVE-2025-38462",
"url": "https://bugzilla.suse.com/1247104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38462"
},
{
"cve": "CVE-2025-38463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Correct signedness in skb remaining space calculation\n\nSyzkaller reported a bug [1] where sk-\u003esk_forward_alloc can overflow.\n\nWhen we send data, if an skb exists at the tail of the write queue, the\nkernel will attempt to append the new data to that skb. However, the code\nthat checks for available space in the skb is flawed:\n\u0027\u0027\u0027\ncopy = size_goal - skb-\u003elen\n\u0027\u0027\u0027\n\nThe types of the variables involved are:\n\u0027\u0027\u0027\ncopy: ssize_t (s64 on 64-bit systems)\nsize_goal: int\nskb-\u003elen: unsigned int\n\u0027\u0027\u0027\n\nDue to C\u0027s type promotion rules, the signed size_goal is converted to an\nunsigned int to match skb-\u003elen before the subtraction. The result is an\nunsigned int.\n\nWhen this unsigned int result is then assigned to the s64 copy variable,\nit is zero-extended, preserving its non-negative value. Consequently, copy\nis always \u003e= 0.\n\nAssume we are sending 2GB of data and size_goal has been adjusted to a\nvalue smaller than skb-\u003elen. The subtraction will result in copy holding a\nvery large positive integer. In the subsequent logic, this large value is\nused to update sk-\u003esk_forward_alloc, which can easily cause it to overflow.\n\nThe syzkaller reproducer uses TCP_REPAIR to reliably create this\ncondition. However, this can also occur in real-world scenarios. The\ntcp_bound_to_half_wnd() function can also reduce size_goal to a small\nvalue. This would cause the subsequent tcp_wmem_schedule() to set\nsk-\u003esk_forward_alloc to a value close to INT_MAX. Further memory\nallocation requests would then cause sk_forward_alloc to wrap around and\nbecome negative.\n\n[1]: https://syzkaller.appspot.com/bug?extid=de6565462ab540f50e47",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38463",
"url": "https://www.suse.com/security/cve/CVE-2025-38463"
},
{
"category": "external",
"summary": "SUSE Bug 1247113 for CVE-2025-38463",
"url": "https://bugzilla.suse.com/1247113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38463"
},
{
"cve": "CVE-2025-38464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38464"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free in tipc_conn_close().\n\nsyzbot reported a null-ptr-deref in tipc_conn_close() during netns\ndismantle. [0]\n\ntipc_topsrv_stop() iterates tipc_net(net)-\u003etopsrv-\u003econn_idr and calls\ntipc_conn_close() for each tipc_conn.\n\nThe problem is that tipc_conn_close() is called after releasing the\nIDR lock.\n\nAt the same time, there might be tipc_conn_recv_work() running and it\ncould call tipc_conn_close() for the same tipc_conn and release its\nlast -\u003ekref.\n\nOnce we release the IDR lock in tipc_topsrv_stop(), there is no\nguarantee that the tipc_conn is alive.\n\nLet\u0027s hold the ref before releasing the lock and put the ref after\ntipc_conn_close() in tipc_topsrv_stop().\n\n[0]:\nBUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\nRead of size 8 at addr ffff888099305a08 by task kworker/u4:3/435\n\nCPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1fc/0x2ef lib/dump_stack.c:118\n print_address_description.cold+0x54/0x219 mm/kasan/report.c:256\n kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354\n kasan_report mm/kasan/report.c:412 [inline]\n __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433\n tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\n tipc_topsrv_stop net/tipc/topsrv.c:701 [inline]\n tipc_topsrv_exit_net+0x27b/0x5c0 net/tipc/topsrv.c:722\n ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153\n cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nAllocated by task 23:\n kmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625\n kmalloc include/linux/slab.h:515 [inline]\n kzalloc include/linux/slab.h:709 [inline]\n tipc_conn_alloc+0x43/0x4f0 net/tipc/topsrv.c:192\n tipc_topsrv_accept+0x1b5/0x280 net/tipc/topsrv.c:470\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nFreed by task 23:\n __cache_free mm/slab.c:3503 [inline]\n kfree+0xcc/0x210 mm/slab.c:3822\n tipc_conn_kref_release net/tipc/topsrv.c:150 [inline]\n kref_put include/linux/kref.h:70 [inline]\n conn_put+0x2cd/0x3a0 net/tipc/topsrv.c:155\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nThe buggy address belongs to the object at ffff888099305a00\n which belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 8 bytes inside of\n 512-byte region [ffff888099305a00, ffff888099305c00)\nThe buggy address belongs to the page:\npage:ffffea000264c140 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0\nflags: 0xfff00000000100(slab)\nraw: 00fff00000000100 ffffea00028b6b88 ffffea0002cd2b08 ffff88813bff0940\nraw: 0000000000000000 ffff888099305000 0000000100000006 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888099305900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\u003effff888099305a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888099305a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38464",
"url": "https://www.suse.com/security/cve/CVE-2025-38464"
},
{
"category": "external",
"summary": "SUSE Bug 1247112 for CVE-2025-38464",
"url": "https://bugzilla.suse.com/1247112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38464"
},
{
"cve": "CVE-2025-38465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet\u0027s fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38465",
"url": "https://www.suse.com/security/cve/CVE-2025-38465"
},
{
"category": "external",
"summary": "SUSE Bug 1247118 for CVE-2025-38465",
"url": "https://bugzilla.suse.com/1247118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38466"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Revert to requiring CAP_SYS_ADMIN for uprobes\n\nJann reports that uprobes can be used destructively when used in the\nmiddle of an instruction. The kernel only verifies there is a valid\ninstruction at the requested offset, but due to variable instruction\nlength cannot determine if this is an instruction as seen by the\nintended execution stream.\n\nAdditionally, Mark Rutland notes that on architectures that mix data\nin the text segment (like arm64), a similar things can be done if the\ndata word is \u0027mistaken\u0027 for an instruction.\n\nAs such, require CAP_SYS_ADMIN for uprobes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38466",
"url": "https://www.suse.com/security/cve/CVE-2025-38466"
},
{
"category": "external",
"summary": "SUSE Bug 1247442 for CVE-2025-38466",
"url": "https://bugzilla.suse.com/1247442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38466"
},
{
"cve": "CVE-2025-38467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38467"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\n\nIf there\u0027s support for another console device (such as a TTY serial),\nthe kernel occasionally panics during boot. The panic message and a\nrelevant snippet of the call stack is as follows:\n\n Unable to handle kernel NULL pointer dereference at virtual address 000000000000000\n Call trace:\n drm_crtc_handle_vblank+0x10/0x30 (P)\n decon_irq_handler+0x88/0xb4\n [...]\n\nOtherwise, the panics don\u0027t happen. This indicates that it\u0027s some sort\nof race condition.\n\nAdd a check to validate if the drm device can handle vblanks before\ncalling drm_crtc_handle_vblank() to avoid this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38467",
"url": "https://www.suse.com/security/cve/CVE-2025-38467"
},
{
"category": "external",
"summary": "SUSE Bug 1247146 for CVE-2025-38467",
"url": "https://bugzilla.suse.com/1247146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38467"
},
{
"cve": "CVE-2025-38468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38468"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\nping -I lo -c1 -W0.001 127.0.0.1\n\nThe root cause is the following:\n\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\n the selected leaf qdisc\n2. netem_dequeue calls enqueue on the child qdisc\n3. blackhole_enqueue drops the packet and returns a value that is not\n just NET_XMIT_SUCCESS\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\n5. As this is the only class in the selected hprio rbtree,\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\n NULL\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\n hprio rbtree, and fail the BUG_ON\n\nThe function graph for this scenario is shown here:\n 0) | htb_enqueue() {\n 0) + 13.635 us | netem_enqueue();\n 0) 4.719 us | htb_activate_prios();\n 0) # 2249.199 us | }\n 0) | htb_dequeue() {\n 0) 2.355 us | htb_lookup_leaf();\n 0) | netem_dequeue() {\n 0) + 11.061 us | blackhole_enqueue();\n 0) | qdisc_tree_reduce_backlog() {\n 0) | qdisc_lookup_rcu() {\n 0) 1.873 us | qdisc_match_from_root();\n 0) 6.292 us | }\n 0) 1.894 us | htb_search();\n 0) | htb_qlen_notify() {\n 0) 2.655 us | htb_deactivate_prios();\n 0) 6.933 us | }\n 0) + 25.227 us | }\n 0) 1.983 us | blackhole_dequeue();\n 0) + 86.553 us | }\n 0) # 2932.761 us | qdisc_warn_nonwc();\n 0) | htb_lookup_leaf() {\n 0) | BUG_ON();\n ------------------------------------------\n\nThe full original bug report can be seen here [1].\n\nWe can fix this just by returning NULL instead of the BUG_ON,\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\nNULL.\n\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38468",
"url": "https://www.suse.com/security/cve/CVE-2025-38468"
},
{
"category": "external",
"summary": "SUSE Bug 1247437 for CVE-2025-38468",
"url": "https://bugzilla.suse.com/1247437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38470"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\n\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\n8021q module will automatically add or remove VLAN 0 when the net device\nis put administratively up or down, respectively. There are a couple of\nproblems with the above scheme.\n\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\nfeature is disabled while the device is running:\n\n # ip link add bond1 up type bond mode 0\n # ethtool -K bond1 rx-vlan-filter off\n # ip link del dev bond1\n\nWhen the device is put administratively down the \"rx-vlan-filter\"\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\nmemory will be leaked [1].\n\nAnother problem that can happen is that the kernel can automatically\ndelete VLAN 0 when the device is put administratively down despite not\nadding it when the device was put administratively up since during that\ntime the \"rx-vlan-filter\" feature was disabled. null-ptr-unref or\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\nimbalance if toggling filtering during runtime:\n\n$ ip link add bond0 type bond mode 0\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\n$ ethtool -K bond0 rx-vlan-filter off\n$ ifconfig bond0 up\n$ ethtool -K bond0 rx-vlan-filter on\n$ ifconfig bond0 down\n$ ip link del vlan0\n\nRoot cause is as below:\nstep1: add vlan0 for real_dev, such as bond, team.\nregister_vlan_dev\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\nstep2: disable vlan filter feature and enable real_dev\nstep3: change filter from 0 to 1\nvlan_device_event\n vlan_filter_push_vids\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\nstep4: real_dev down\nvlan_device_event\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\n vlan_info_rcu_free //free vlan0\nstep5: delete vlan0\nunregister_vlan_dev\n BUG_ON(!vlan_info); //vlan_info is null\n\nFix both problems by noting in the VLAN info whether VLAN 0 was\nautomatically added upon NETDEV_UP and based on that decide whether it\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\n\"rx-vlan-filter\" feature.\n\n[1]\nunreferenced object 0xffff8880068e3100 (size 256):\n comm \"ip\", pid 384, jiffies 4296130254\n hex dump (first 32 bytes):\n 00 20 30 0d 80 88 ff ff 00 00 00 00 00 00 00 00 . 0.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 81ce31fa):\n __kmalloc_cache_noprof+0x2b5/0x340\n vlan_vid_add+0x434/0x940\n vlan_device_event.cold+0x75/0xa8\n notifier_call_chain+0xca/0x150\n __dev_notify_flags+0xe3/0x250\n rtnl_configure_link+0x193/0x260\n rtnl_newlink_create+0x383/0x8e0\n __rtnl_newlink+0x22c/0xa40\n rtnl_newlink+0x627/0xb00\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x11f/0x350\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n\n[2]\nkernel BUG at net/8021q/vlan.c:99!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 382 Comm: ip Not tainted 6.16.0-rc3 #61 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_vlan_dev (net/8021q/vlan.c:99 (discriminator 1))\nRSP: 0018:ffff88810badf310 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810da84000 RCX: ffffffffb47ceb9a\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88810e8b43c8\nRBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6cefe80\nR10: ffffffffb677f407 R11: ffff88810badf3c0 R12: ffff88810e8b4000\nR13: 0000000000000000 R14: ffff88810642a5c0 R15: 000000000000017e\nFS: 00007f1ff68c20c0(0000) GS:ffff888163a24000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1ff5dad240 CR3: 0000000107e56000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38470",
"url": "https://www.suse.com/security/cve/CVE-2025-38470"
},
{
"category": "external",
"summary": "SUSE Bug 1247288 for CVE-2025-38470",
"url": "https://bugzilla.suse.com/1247288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38472"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack: fix crash due to removal of uninitialised entry\n\nA crash in conntrack was reported while trying to unlink the conntrack\nentry from the hash bucket list:\n [exception RIP: __nf_ct_delete_from_lists+172]\n [..]\n #7 [ff539b5a2b043aa0] nf_ct_delete at ffffffffc124d421 [nf_conntrack]\n #8 [ff539b5a2b043ad0] nf_ct_gc_expired at ffffffffc124d999 [nf_conntrack]\n #9 [ff539b5a2b043ae0] __nf_conntrack_find_get at ffffffffc124efbc [nf_conntrack]\n [..]\n\nThe nf_conn struct is marked as allocated from slab but appears to be in\na partially initialised state:\n\n ct hlist pointer is garbage; looks like the ct hash value\n (hence crash).\n ct-\u003estatus is equal to IPS_CONFIRMED|IPS_DYING, which is expected\n ct-\u003etimeout is 30000 (=30s), which is unexpected.\n\nEverything else looks like normal udp conntrack entry. If we ignore\nct-\u003estatus and pretend its 0, the entry matches those that are newly\nallocated but not yet inserted into the hash:\n - ct hlist pointers are overloaded and store/cache the raw tuple hash\n - ct-\u003etimeout matches the relative time expected for a new udp flow\n rather than the absolute \u0027jiffies\u0027 value.\n\nIf it were not for the presence of IPS_CONFIRMED,\n__nf_conntrack_find_get() would have skipped the entry.\n\nTheory is that we did hit following race:\n\ncpu x \t\t\tcpu y\t\t\tcpu z\n found entry E\t\tfound entry E\n E is expired\t\t\u003cpreemption\u003e\n nf_ct_delete()\n return E to rcu slab\n\t\t\t\t\tinit_conntrack\n\t\t\t\t\tE is re-inited,\n\t\t\t\t\tct-\u003estatus set to 0\n\t\t\t\t\treply tuplehash hnnode.pprev\n\t\t\t\t\tstores hash value.\n\ncpu y found E right before it was deleted on cpu x.\nE is now re-inited on cpu z. cpu y was preempted before\nchecking for expiry and/or confirm bit.\n\n\t\t\t\t\t-\u003erefcnt set to 1\n\t\t\t\t\tE now owned by skb\n\t\t\t\t\t-\u003etimeout set to 30000\n\nIf cpu y were to resume now, it would observe E as\nexpired but would skip E due to missing CONFIRMED bit.\n\n\t\t\t\t\tnf_conntrack_confirm gets called\n\t\t\t\t\tsets: ct-\u003estatus |= CONFIRMED\n\t\t\t\t\tThis is wrong: E is not yet added\n\t\t\t\t\tto hashtable.\n\ncpu y resumes, it observes E as expired but CONFIRMED:\n\t\t\t\u003cresumes\u003e\n\t\t\tnf_ct_expired()\n\t\t\t -\u003e yes (ct-\u003etimeout is 30s)\n\t\t\tconfirmed bit set.\n\ncpu y will try to delete E from the hashtable:\n\t\t\tnf_ct_delete() -\u003e set DYING bit\n\t\t\t__nf_ct_delete_from_lists\n\nEven this scenario doesn\u0027t guarantee a crash:\ncpu z still holds the table bucket lock(s) so y blocks:\n\n\t\t\twait for spinlock held by z\n\n\t\t\t\t\tCONFIRMED is set but there is no\n\t\t\t\t\tguarantee ct will be added to hash:\n\t\t\t\t\t\"chaintoolong\" or \"clash resolution\"\n\t\t\t\t\tlogic both skip the insert step.\n\t\t\t\t\treply hnnode.pprev still stores the\n\t\t\t\t\thash value.\n\n\t\t\t\t\tunlocks spinlock\n\t\t\t\t\treturn NF_DROP\n\t\t\t\u003cunblocks, then\n\t\t\t crashes on hlist_nulls_del_rcu pprev\u003e\n\nIn case CPU z does insert the entry into the hashtable, cpu y will unlink\nE again right away but no crash occurs.\n\nWithout \u0027cpu y\u0027 race, \u0027garbage\u0027 hlist is of no consequence:\nct refcnt remains at 1, eventually skb will be free\u0027d and E gets\ndestroyed via: nf_conntrack_put -\u003e nf_conntrack_destroy -\u003e nf_ct_destroy.\n\nTo resolve this, move the IPS_CONFIRMED assignment after the table\ninsertion but before the unlock.\n\nPablo points out that the confirm-bit-store could be reordered to happen\nbefore hlist add resp. the timeout fixup, so switch to set_bit and\nbefore_atomic memory barrier to prevent this.\n\nIt doesn\u0027t matter if other CPUs can observe a newly inserted entry right\nbefore the CONFIRMED bit was set:\n\nSuch event cannot be distinguished from above \"E is the old incarnation\"\ncase: the entry will be skipped.\n\nAlso change nf_ct_should_gc() to first check the confirmed bit.\n\nThe gc sequence is:\n 1. Check if entry has expired, if not skip to next entry\n 2. Obtain a reference to the expired entry.\n 3. Call nf_ct_should_gc() to double-check step 1.\n\nnf_ct_should_gc() is thus called only for entries that already failed an\nexpiry check. After this patch, once the confirmed bit check pas\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38472",
"url": "https://www.suse.com/security/cve/CVE-2025-38472"
},
{
"category": "external",
"summary": "SUSE Bug 1247313 for CVE-2025-38472",
"url": "https://bugzilla.suse.com/1247313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38472"
},
{
"cve": "CVE-2025-38473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38473"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()\n\nsyzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0]\n\nl2cap_sock_resume_cb() has a similar problem that was fixed by commit\n1bff51ea59a9 (\"Bluetooth: fix use-after-free error in lock_sock_nested()\").\n\nSince both l2cap_sock_kill() and l2cap_sock_resume_cb() are executed\nunder l2cap_sock_resume_cb(), we can avoid the issue simply by checking\nif chan-\u003edata is NULL.\n\nLet\u0027s not access to the killed socket in l2cap_sock_resume_cb().\n\n[0]:\nBUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]\nBUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nBUG: KASAN: null-ptr-deref in l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nWrite of size 8 at addr 0000000000000570 by task kworker/u9:0/52\n\nCPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nWorkqueue: hci0 hci_rx_work\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:501 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_report+0x58/0x84 mm/kasan/report.c:524\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\n __kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37\n instrument_atomic_write include/linux/instrumented.h:82 [inline]\n clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\n l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\n l2cap_security_cfm+0x524/0xea0 net/bluetooth/l2cap_core.c:7357\n hci_auth_cfm include/net/bluetooth/hci_core.h:2092 [inline]\n hci_auth_complete_evt+0x2e8/0xa4c net/bluetooth/hci_event.c:3514\n hci_event_func net/bluetooth/hci_event.c:7511 [inline]\n hci_event_packet+0x650/0xe9c net/bluetooth/hci_event.c:7565\n hci_rx_work+0x320/0xb18 net/bluetooth/hci_core.c:4070\n process_one_work+0x7e8/0x155c kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3321 [inline]\n worker_thread+0x958/0xed8 kernel/workqueue.c:3402\n kthread+0x5fc/0x75c kernel/kthread.c:464\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38473",
"url": "https://www.suse.com/security/cve/CVE-2025-38473"
},
{
"category": "external",
"summary": "SUSE Bug 1247289 for CVE-2025-38473",
"url": "https://bugzilla.suse.com/1247289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38473"
},
{
"cve": "CVE-2025-38474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38474"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: net: sierra: check for no status endpoint\n\nThe driver checks for having three endpoints and\nhaving bulk in and out endpoints, but not that\nthe third endpoint is interrupt input.\nRectify the omission.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38474",
"url": "https://www.suse.com/security/cve/CVE-2025-38474"
},
{
"category": "external",
"summary": "SUSE Bug 1247311 for CVE-2025-38474",
"url": "https://bugzilla.suse.com/1247311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38474"
},
{
"cve": "CVE-2025-38475",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38475"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix various oops due to inet_sock type confusion.\n\nsyzbot reported weird splats [0][1] in cipso_v4_sock_setattr() while\nfreeing inet_sk(sk)-\u003einet_opt.\n\nThe address was freed multiple times even though it was read-only memory.\n\ncipso_v4_sock_setattr() did nothing wrong, and the root cause was type\nconfusion.\n\nThe cited commit made it possible to create smc_sock as an INET socket.\n\nThe issue is that struct smc_sock does not have struct inet_sock as the\nfirst member but hijacks AF_INET and AF_INET6 sk_family, which confuses\nvarious places.\n\nIn this case, inet_sock.inet_opt was actually smc_sock.clcsk_data_ready(),\nwhich is an address of a function in the text segment.\n\n $ pahole -C inet_sock vmlinux\n struct inet_sock {\n ...\n struct ip_options_rcu * inet_opt; /* 784 8 */\n\n $ pahole -C smc_sock vmlinux\n struct smc_sock {\n ...\n void (*clcsk_data_ready)(struct sock *); /* 784 8 */\n\nThe same issue for another field was reported before. [2][3]\n\nAt that time, an ugly hack was suggested [4], but it makes both INET\nand SMC code error-prone and hard to change.\n\nAlso, yet another variant was fixed by a hacky commit 98d4435efcbf3\n(\"net/smc: prevent NULL pointer dereference in txopt_get\").\n\nInstead of papering over the root cause by such hacks, we should not\nallow non-INET socket to reuse the INET infra.\n\nLet\u0027s add inet_sock as the first member of smc_sock.\n\n[0]:\nkvfree_call_rcu(): Double-freed call. rcu_head 000000006921da73\nWARNING: CPU: 0 PID: 6718 at mm/slab_common.c:1956 kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nModules linked in:\nCPU: 0 UID: 0 PID: 6718 Comm: syz.0.17 Tainted: G W 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nTainted: [W]=WARN\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nlr : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nsp : ffff8000a03a7730\nx29: ffff8000a03a7730 x28: 00000000fffffff5 x27: 1fffe000184823d3\nx26: dfff800000000000 x25: ffff0000c2411e9e x24: ffff0000dd88da00\nx23: ffff8000891ac9a0 x22: 00000000ffffffea x21: ffff8000891ac9a0\nx20: ffff8000891ac9a0 x19: ffff80008afc2480 x18: 00000000ffffffff\nx17: 0000000000000000 x16: ffff80008ae642c8 x15: ffff700011ede14c\nx14: 1ffff00011ede14c x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff700011ede14c x10: 0000000000ff0100 x9 : 5fa3c1ffaf0ff000\nx8 : 5fa3c1ffaf0ff000 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff8000a03a7078 x4 : ffff80008f766c20 x3 : ffff80008054d360\nx2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000\nCall trace:\n kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955 (P)\n cipso_v4_sock_setattr+0x2f0/0x3f4 net/ipv4/cipso_ipv4.c:1914\n netlbl_sock_setattr+0x240/0x334 net/netlabel/netlabel_kapi.c:1000\n smack_netlbl_add+0xa8/0x158 security/smack/smack_lsm.c:2581\n smack_inode_setsecurity+0x378/0x430 security/smack/smack_lsm.c:2912\n security_inode_setsecurity+0x118/0x3c0 security/security.c:2706\n __vfs_setxattr_noperm+0x174/0x5c4 fs/xattr.c:251\n __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:295\n vfs_setxattr+0x158/0x2ac fs/xattr.c:321\n do_setxattr fs/xattr.c:636 [inline]\n file_setxattr+0x1b8/0x294 fs/xattr.c:646\n path_setxattrat+0x2ac/0x320 fs/xattr.c:711\n __do_sys_fsetxattr fs/xattr.c:761 [inline]\n __se_sys_fsetxattr fs/xattr.c:758 [inline]\n __arm64_sys_fsetxattr+0xc0/0xdc fs/xattr.c:758\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879\n el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\n[\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38475",
"url": "https://www.suse.com/security/cve/CVE-2025-38475"
},
{
"category": "external",
"summary": "SUSE Bug 1247308 for CVE-2025-38475",
"url": "https://bugzilla.suse.com/1247308"
},
{
"category": "external",
"summary": "SUSE Bug 1247309 for CVE-2025-38475",
"url": "https://bugzilla.suse.com/1247309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38475"
},
{
"cve": "CVE-2025-38476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpl: Fix use-after-free in rpl_do_srh_inline().\n\nRunning lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers\nthe splat below [0].\n\nrpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after\nskb_cow_head(), which is illegal as the header could be freed then.\n\nLet\u0027s fix it by making oldhdr to a local struct instead of a pointer.\n\n[0]:\n[root@fedora net]# ./lwt_dst_cache_ref_loop.sh\n...\nTEST: rpl (input)\n[ 57.631529] ==================================================================\nBUG: KASAN: slab-use-after-free in rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\nRead of size 40 at addr ffff888122bf96d8 by task ping6/1543\n\nCPU: 50 UID: 0 PID: 1543 Comm: ping6 Not tainted 6.16.0-rc5-01302-gfadd1e6231b1 #23 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n kasan_check_range (mm/kasan/generic.c:175 (discriminator 1) mm/kasan/generic.c:189 (discriminator 1))\n __asan_memmove (mm/kasan/shadow.c:94 (discriminator 2))\n rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\n rpl_input (net/ipv6/rpl_iptunnel.c:201 net/ipv6/rpl_iptunnel.c:282)\n lwtunnel_input (net/core/lwtunnel.c:459)\n ipv6_rcv (./include/net/dst.h:471 (discriminator 1) ./include/net/dst.h:469 (discriminator 1) net/ipv6/ip6_input.c:79 (discriminator 1) ./include/linux/netfilter.h:317 (discriminator 1) ./include/linux/netfilter.h:311 (discriminator 1) net/ipv6/ip6_input.c:311 (discriminator 1))\n __netif_receive_skb_one_core (net/core/dev.c:5967)\n process_backlog (./include/linux/rcupdate.h:869 net/core/dev.c:6440)\n __napi_poll.constprop.0 (net/core/dev.c:7452)\n net_rx_action (net/core/dev.c:7518 net/core/dev.c:7643)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480 (discriminator 20))\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:407)\n __dev_queue_xmit (net/core/dev.c:4740)\n ip6_finish_output2 (./include/linux/netdevice.h:3358 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:141)\n ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)\n ip6_output (./include/linux/netfilter.h:306 net/ipv6/ip6_output.c:248)\n ip6_send_skb (net/ipv6/ip6_output.c:1983)\n rawv6_sendmsg (net/ipv6/raw.c:588 net/ipv6/raw.c:918)\n __sys_sendto (net/socket.c:714 (discriminator 1) net/socket.c:729 (discriminator 1) net/socket.c:2228 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2231)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f68cffb2a06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007ffefb7c53d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000564cd69f10a0 RCX: 00007f68cffb2a06\nRDX: 0000000000000040 RSI: 0000564cd69f10a4 RDI: 0000000000000003\nRBP: 00007ffefb7c53f0 R08: 0000564cd6a032ac R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000564cd69f10a4\nR13: 0000000000000040 R14: 00007ffefb7c66e0 R15: 0000564cd69f10a0\n \u003c/TASK\u003e\n\nAllocated by task 1543:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\n kmem_cache_alloc_node_noprof (./include/linux/kasan.h:250 mm/slub.c:4148 mm/slub.c:4197 mm/slub.c:4249)\n kmalloc_reserve (net/core/skbuff.c:581 (discriminator 88))\n __alloc_skb (net/core/skbuff.c:669)\n __ip6_append_data (net/ipv6/ip6_output.c:1672 (discriminator 1))\n ip6_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38476",
"url": "https://www.suse.com/security/cve/CVE-2025-38476"
},
{
"category": "external",
"summary": "SUSE Bug 1247317 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "external",
"summary": "SUSE Bug 1251203 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1251203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38476"
},
{
"cve": "CVE-2025-38477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38477",
"url": "https://www.suse.com/security/cve/CVE-2025-38477"
},
{
"category": "external",
"summary": "SUSE Bug 1247314 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "external",
"summary": "SUSE Bug 1247315 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38478"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix initialization of data for instructions that write to subdevice\n\nSome Comedi subdevice instruction handlers are known to access\ninstruction data elements beyond the first `insn-\u003en` elements in some\ncases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions\nallocate at least `MIN_SAMPLES` (16) data elements to deal with this,\nbut they do not initialize all of that. For Comedi instruction codes\nthat write to the subdevice, the first `insn-\u003en` data elements are\ncopied from user-space, but the remaining elements are left\nuninitialized. That could be a problem if the subdevice instruction\nhandler reads the uninitialized data. Ensure that the first\n`MIN_SAMPLES` elements are initialized before calling these instruction\nhandlers, filling the uncopied elements with 0. For\n`do_insnlist_ioctl()`, the same data buffer elements are used for\nhandling a list of instructions, so ensure the first `MIN_SAMPLES`\nelements are initialized for each instruction that writes to the\nsubdevice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38478",
"url": "https://www.suse.com/security/cve/CVE-2025-38478"
},
{
"category": "external",
"summary": "SUSE Bug 1247273 for CVE-2025-38478",
"url": "https://bugzilla.suse.com/1247273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38478"
},
{
"cve": "CVE-2025-38480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38480"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized data in insn_rw_emulate_bits()\n\nFor Comedi `INSN_READ` and `INSN_WRITE` instructions on \"digital\"\nsubdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and\n`COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have\n`insn_read` and `insn_write` handler functions, but to have an\n`insn_bits` handler function for handling Comedi `INSN_BITS`\ninstructions. In that case, the subdevice\u0027s `insn_read` and/or\n`insn_write` function handler pointers are set to point to the\n`insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.\n\nFor `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the\nsupplied `data[0]` value is a valid copy from user memory. It will at\nleast exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in\n\"comedi_fops.c\" ensure at lease `MIN_SAMPLES` (16) elements are\nallocated. However, if `insn-\u003en` is 0 (which is allowable for\n`INSN_READ` and `INSN_WRITE` instructions, then `data[0]` may contain\nuninitialized data, and certainly contains invalid data, possibly from a\ndifferent instruction in the array of instructions handled by\n`do_insnlist_ioctl()`. This will result in an incorrect value being\nwritten to the digital output channel (or to the digital input/output\nchannel if configured as an output), and may be reflected in the\ninternal saved state of the channel.\n\nFix it by returning 0 early if `insn-\u003en` is 0, before reaching the code\nthat accesses `data[0]`. Previously, the function always returned 1 on\nsuccess, but it is supposed to be the number of data samples actually\nread or written up to `insn-\u003en`, which is 0 in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38480",
"url": "https://www.suse.com/security/cve/CVE-2025-38480"
},
{
"category": "external",
"summary": "SUSE Bug 1247274 for CVE-2025-38480",
"url": "https://bugzilla.suse.com/1247274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38480"
},
{
"cve": "CVE-2025-38481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38481"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large\n\nThe handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to\nhold the array of `struct comedi_insn`, getting the length from the\n`n_insns` member of the `struct comedi_insnlist` supplied by the user.\nThe allocation will fail with a WARNING and a stack dump if it is too\nlarge.\n\nAvoid that by failing with an `-EINVAL` error if the supplied `n_insns`\nvalue is unreasonable.\n\nDefine the limit on the `n_insns` value in the `MAX_INSNS` macro. Set\nthis to the same value as `MAX_SAMPLES` (65536), which is the maximum\nallowed sum of the values of the member `n` in the array of `struct\ncomedi_insn`, and sensible comedi instructions will have an `n` of at\nleast 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38481",
"url": "https://www.suse.com/security/cve/CVE-2025-38481"
},
{
"category": "external",
"summary": "SUSE Bug 1247276 for CVE-2025-38481",
"url": "https://bugzilla.suse.com/1247276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38481"
},
{
"cve": "CVE-2025-38482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38482"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das6402: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* IRQs 2,3,5,6,7, 10,11,15 are valid for \"enhanced\" mode */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0x8cec) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38482",
"url": "https://www.suse.com/security/cve/CVE-2025-38482"
},
{
"category": "external",
"summary": "SUSE Bug 1247277 for CVE-2025-38482",
"url": "https://bugzilla.suse.com/1247277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38482"
},
{
"cve": "CVE-2025-38483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38483"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das16m1: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38483",
"url": "https://www.suse.com/security/cve/CVE-2025-38483"
},
{
"category": "external",
"summary": "SUSE Bug 1247278 for CVE-2025-38483",
"url": "https://bugzilla.suse.com/1247278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38483"
},
{
"cve": "CVE-2025-38484",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38484"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: backend: fix out-of-bound write\n\nThe buffer is set to 80 character. If a caller write more characters,\ncount is truncated to the max available space in \"simple_write_to_buffer\".\nBut afterwards a string terminator is written to the buffer at offset count\nwithout boundary check. The zero termination is written OUT-OF-BOUND.\n\nAdd a check that the given buffer is smaller then the buffer to prevent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38484",
"url": "https://www.suse.com/security/cve/CVE-2025-38484"
},
{
"category": "external",
"summary": "SUSE Bug 1247235 for CVE-2025-38484",
"url": "https://bugzilla.suse.com/1247235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38484"
},
{
"cve": "CVE-2025-38485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38485",
"url": "https://www.suse.com/security/cve/CVE-2025-38485"
},
{
"category": "external",
"summary": "SUSE Bug 1247236 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "external",
"summary": "SUSE Bug 1247237 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38485"
},
{
"cve": "CVE-2025-38487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: lpc-snoop: Don\u0027t disable channels that aren\u0027t enabled\n\nMitigate e.g. the following:\n\n # echo 1e789080.lpc-snoop \u003e /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n ...\n [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n [ 120.373866] [00000004] *pgd=00000000\n [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM\n [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n ...\n [ 120.679543] Call trace:\n [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38487",
"url": "https://www.suse.com/security/cve/CVE-2025-38487"
},
{
"category": "external",
"summary": "SUSE Bug 1247238 for CVE-2025-38487",
"url": "https://bugzilla.suse.com/1247238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38487"
},
{
"cve": "CVE-2025-38488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn\u0027t\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn\u0027t freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38488",
"url": "https://www.suse.com/security/cve/CVE-2025-38488"
},
{
"category": "external",
"summary": "SUSE Bug 1247239 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247239"
},
{
"category": "external",
"summary": "SUSE Bug 1247240 for CVE-2025-38488",
"url": "https://bugzilla.suse.com/1247240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-38489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again\n\nCommit 7ded842b356d (\"s390/bpf: Fix bpf_plt pointer arithmetic\") has\naccidentally removed the critical piece of commit c730fce7c70c\n(\"s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL\"), causing\nintermittent kernel panics in e.g. perf\u0027s on_switch() prog to reappear.\n\nRestore the fix and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38489",
"url": "https://www.suse.com/security/cve/CVE-2025-38489"
},
{
"category": "external",
"summary": "SUSE Bug 1247241 for CVE-2025-38489",
"url": "https://bugzilla.suse.com/1247241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38489"
},
{
"cve": "CVE-2025-38490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38490"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: remove duplicate page_pool_put_full_page()\n\npage_pool_put_full_page() should only be invoked when freeing Rx buffers\nor building a skb if the size is too short. At other times, the pages\nneed to be reused. So remove the redundant page put. In the original\ncode, double free pages cause kernel panic:\n\n[ 876.949834] __irq_exit_rcu+0xc7/0x130\n[ 876.949836] common_interrupt+0xb8/0xd0\n[ 876.949838] \u003c/IRQ\u003e\n[ 876.949838] \u003cTASK\u003e\n[ 876.949840] asm_common_interrupt+0x22/0x40\n[ 876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420\n[ 876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 \u003c45\u003e 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d\n[ 876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246\n[ 876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000\n[ 876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e\n[ 876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed\n[ 876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580\n[ 876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000\n[ 876.949852] ? cpuidle_enter_state+0xb3/0x420\n[ 876.949855] cpuidle_enter+0x29/0x40\n[ 876.949857] cpuidle_idle_call+0xfd/0x170\n[ 876.949859] do_idle+0x7a/0xc0\n[ 876.949861] cpu_startup_entry+0x25/0x30\n[ 876.949862] start_secondary+0x117/0x140\n[ 876.949864] common_startup_64+0x13e/0x148\n[ 876.949867] \u003c/TASK\u003e\n[ 876.949868] ---[ end trace 0000000000000000 ]---\n[ 876.949869] ------------[ cut here ]------------\n[ 876.949870] list_del corruption, ffffead40445a348-\u003enext is NULL\n[ 876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120\n[ 876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E)\n[ 876.949914] i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi\n[ 876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G W E 6.16.0-rc2+ #20 PREEMPT(voluntary)\n[ 876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE\n[ 876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024\n[ 876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120\n[ 876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff \u003c0f\u003e 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8\n[ 876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282\n[ 876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000\n[ 876.949942] RDX: 0000000000000105 RSI: 00000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38490",
"url": "https://www.suse.com/security/cve/CVE-2025-38490"
},
{
"category": "external",
"summary": "SUSE Bug 1247243 for CVE-2025-38490",
"url": "https://bugzilla.suse.com/1247243"
},
{
"category": "external",
"summary": "SUSE Bug 1247384 for CVE-2025-38490",
"url": "https://bugzilla.suse.com/1247384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38490"
},
{
"cve": "CVE-2025-38491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38491"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: make fallback action and fallback decision atomic\n\nSyzkaller reported the following splat:\n\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 __mptcp_do_fallback net/mptcp/protocol.h:1223 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_do_fallback net/mptcp/protocol.h:1244 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 check_fully_established net/mptcp/options.c:982 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_incoming_options+0x21a8/0x2510 net/mptcp/options.c:1153\n Modules linked in:\n CPU: 1 UID: 0 PID: 7704 Comm: syz.3.1419 Not tainted 6.16.0-rc3-gbd5ce2324dba #20 PREEMPT(voluntary)\n Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:__mptcp_do_fallback net/mptcp/protocol.h:1223 [inline]\n RIP: 0010:mptcp_do_fallback net/mptcp/protocol.h:1244 [inline]\n RIP: 0010:check_fully_established net/mptcp/options.c:982 [inline]\n RIP: 0010:mptcp_incoming_options+0x21a8/0x2510 net/mptcp/options.c:1153\n Code: 24 18 e8 bb 2a 00 fd e9 1b df ff ff e8 b1 21 0f 00 e8 ec 5f c4 fc 44 0f b7 ac 24 b0 00 00 00 e9 54 f1 ff ff e8 d9 5f c4 fc 90 \u003c0f\u003e 0b 90 e9 b8 f4 ff ff e8 8b 2a 00 fd e9 8d e6 ff ff e8 81 2a 00\n RSP: 0018:ffff8880a3f08448 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff8880180a8000 RCX: ffffffff84afcf45\n RDX: ffff888090223700 RSI: ffffffff84afdaa7 RDI: 0000000000000001\n RBP: ffff888017955780 R08: 0000000000000001 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n R13: ffff8880180a8910 R14: ffff8880a3e9d058 R15: 0000000000000000\n FS: 00005555791b8500(0000) GS:ffff88811c495000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000110c2800b7 CR3: 0000000058e44000 CR4: 0000000000350ef0\n Call Trace:\n \u003cIRQ\u003e\n tcp_reset+0x26f/0x2b0 net/ipv4/tcp_input.c:4432\n tcp_validate_incoming+0x1057/0x1b60 net/ipv4/tcp_input.c:5975\n tcp_rcv_established+0x5b5/0x21f0 net/ipv4/tcp_input.c:6166\n tcp_v4_do_rcv+0x5dc/0xa70 net/ipv4/tcp_ipv4.c:1925\n tcp_v4_rcv+0x3473/0x44a0 net/ipv4/tcp_ipv4.c:2363\n ip_protocol_deliver_rcu+0xba/0x480 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2f1/0x500 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:317 [inline]\n NF_HOOK include/linux/netfilter.h:311 [inline]\n ip_local_deliver+0x1be/0x560 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:469 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:447 [inline]\n NF_HOOK include/linux/netfilter.h:317 [inline]\n NF_HOOK include/linux/netfilter.h:311 [inline]\n ip_rcv+0x514/0x810 net/ipv4/ip_input.c:567\n __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5975\n __netif_receive_skb+0x1f/0x120 net/core/dev.c:6088\n process_backlog+0x301/0x1360 net/core/dev.c:6440\n __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7453\n napi_poll net/core/dev.c:7517 [inline]\n net_rx_action+0xb44/0x1010 net/core/dev.c:7644\n handle_softirqs+0x1d0/0x770 kernel/softirq.c:579\n do_softirq+0x3f/0x90 kernel/softirq.c:480\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0xed/0x110 kernel/softirq.c:407\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n inet_csk_listen_stop+0x2c5/0x1070 net/ipv4/inet_connection_sock.c:1524\n mptcp_check_listen_stop.part.0+0x1cc/0x220 net/mptcp/protocol.c:2985\n mptcp_check_listen_stop net/mptcp/mib.h:118 [inline]\n __mptcp_close+0x9b9/0xbd0 net/mptcp/protocol.c:3000\n mptcp_close+0x2f/0x140 net/mptcp/protocol.c:3066\n inet_release+0xed/0x200 net/ipv4/af_inet.c:435\n inet6_release+0x4f/0x70 net/ipv6/af_inet6.c:487\n __sock_release+0xb3/0x270 net/socket.c:649\n sock_close+0x1c/0x30 net/socket.c:1439\n __fput+0x402/0xb70 fs/file_table.c:465\n task_work_run+0x150/0x240 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xd4\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38491",
"url": "https://www.suse.com/security/cve/CVE-2025-38491"
},
{
"category": "external",
"summary": "SUSE Bug 1247280 for CVE-2025-38491",
"url": "https://bugzilla.suse.com/1247280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38491"
},
{
"cve": "CVE-2025-38493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38493"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix crash in timerlat_dump_stack()\n\nWe have observed kernel panics when using timerlat with stack saving,\nwith the following dmesg output:\n\nmemcpy: detected buffer overflow: 88 byte write of buffer size 0\nWARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0\nCPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy)\nCall Trace:\n \u003cTASK\u003e\n ? trace_buffer_lock_reserve+0x2a/0x60\n __fortify_panic+0xd/0xf\n __timerlat_dump_stack.cold+0xd/0xd\n timerlat_dump_stack.part.0+0x47/0x80\n timerlat_fd_read+0x36d/0x390\n vfs_read+0xe2/0x390\n ? syscall_exit_to_user_mode+0x1d5/0x210\n ksys_read+0x73/0xe0\n do_syscall_64+0x7b/0x160\n ? exc_page_fault+0x7e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n__timerlat_dump_stack() constructs the ftrace stack entry like this:\n\nstruct stack_entry *entry;\n...\nmemcpy(\u0026entry-\u003ecaller, fstack-\u003ecalls, size);\nentry-\u003esize = fstack-\u003enr_entries;\n\nSince commit e7186af7fb26 (\"tracing: Add back FORTIFY_SOURCE logic to\nkernel_stack event structure\"), struct stack_entry marks its caller\nfield with __counted_by(size). At the time of the memcpy, entry-\u003esize\ncontains garbage from the ringbuffer, which under some circumstances is\nzero, triggering a kernel panic by buffer overflow.\n\nPopulate the size field before the memcpy so that the out-of-bounds\ncheck knows the correct size. This is analogous to\n__ftrace_trace_stack().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38493",
"url": "https://www.suse.com/security/cve/CVE-2025-38493"
},
{
"category": "external",
"summary": "SUSE Bug 1247283 for CVE-2025-38493",
"url": "https://bugzilla.suse.com/1247283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38493"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
},
{
"cve": "CVE-2025-38496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: fix sched in atomic context\n\nIf \"try_verify_in_tasklet\" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP\nis enabled for dm-bufio. However, when bufio tries to evict buffers, there\nis a chance to trigger scheduling in spin_lock_bh, the following warning\nis hit:\n\nBUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker/2:2\npreempt_count: 201, expected: 0\nRCU nest depth: 0, expected: 0\n4 locks held by kworker/2:2/123:\n #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46/0x1970\n #1: ffffc90000d97d20 ((work_completion)(\u0026dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763/0x1970\n #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce/0x710\n #3: ffff88801d5820b8 (\u0026c-\u003espinlock){....}-{2:2}, at: do_global_cleanup+0x2a5/0x710\nPreemption disabled at:\n[\u003c0000000000000000\u003e] 0x0\nCPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: dm_bufio_cache do_global_cleanup\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n __might_resched+0x360/0x4e0\n do_global_cleanup+0x2f5/0x710\n process_one_work+0x7db/0x1970\n worker_thread+0x518/0xea0\n kthread+0x359/0x690\n ret_from_fork+0xf3/0x1b0\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThat can be reproduced by:\n\n veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb\n SIZE=$(blockdev --getsz /dev/vda)\n dmsetup create myverity -r --table \"0 $SIZE verity 1 /dev/vda /dev/vdb 4096 4096 \u003cdata_blocks\u003e 1 sha256 \u003croot_hash\u003e \u003csalt\u003e 1 try_verify_in_tasklet\"\n mount /dev/dm-0 /mnt -o ro\n echo 102400 \u003e /sys/module/dm_bufio/parameters/max_cache_size_bytes\n [read files in /mnt]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38496",
"url": "https://www.suse.com/security/cve/CVE-2025-38496"
},
{
"category": "external",
"summary": "SUSE Bug 1247284 for CVE-2025-38496",
"url": "https://bugzilla.suse.com/1247284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38496"
},
{
"cve": "CVE-2025-38497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either \u0027qw_sign\u0027 or \u0027landingPage\u0027\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length \u0027l\u0027 is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38497",
"url": "https://www.suse.com/security/cve/CVE-2025-38497"
},
{
"category": "external",
"summary": "SUSE Bug 1247347 for CVE-2025-38497",
"url": "https://bugzilla.suse.com/1247347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38497"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38500"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: interface: fix use-after-free after changing collect_md xfrm interface\n\ncollect_md property on xfrm interfaces can only be set on device creation,\nthus xfrmi_changelink() should fail when called on such interfaces.\n\nThe check to enforce this was done only in the case where the xi was\nreturned from xfrmi_locate() which doesn\u0027t look for the collect_md\ninterface, and thus the validation was never reached.\n\nCalling changelink would thus errornously place the special interface xi\nin the xfrmi_net-\u003exfrmi hash, but since it also exists in the\nxfrmi_net-\u003ecollect_md_xfrmi pointer it would lead to a double free when\nthe net namespace was taken down [1].\n\nChange the check to use the xi from netdev_priv which is available earlier\nin the function to prevent changes in xfrm collect_md interfaces.\n\n[1] resulting oops:\n[ 8.516540] kernel BUG at net/core/dev.c:12029!\n[ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary)\n[ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 8.516569] Workqueue: netns cleanup_net\n[ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0\n[ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 \u003c0f\u003e 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24\n[ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206\n[ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60\n[ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122\n[ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100\n[ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00\n[ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00\n[ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000\n[ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0\n[ 8.516625] PKRU: 55555554\n[ 8.516627] Call Trace:\n[ 8.516632] \u003cTASK\u003e\n[ 8.516635] ? rtnl_is_locked+0x15/0x20\n[ 8.516641] ? unregister_netdevice_queue+0x29/0xf0\n[ 8.516650] ops_undo_list+0x1f2/0x220\n[ 8.516659] cleanup_net+0x1ad/0x2e0\n[ 8.516664] process_one_work+0x160/0x380\n[ 8.516673] worker_thread+0x2aa/0x3c0\n[ 8.516679] ? __pfx_worker_thread+0x10/0x10\n[ 8.516686] kthread+0xfb/0x200\n[ 8.516690] ? __pfx_kthread+0x10/0x10\n[ 8.516693] ? __pfx_kthread+0x10/0x10\n[ 8.516697] ret_from_fork+0x82/0xf0\n[ 8.516705] ? __pfx_kthread+0x10/0x10\n[ 8.516709] ret_from_fork_asm+0x1a/0x30\n[ 8.516718] \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38500",
"url": "https://www.suse.com/security/cve/CVE-2025-38500"
},
{
"category": "external",
"summary": "SUSE Bug 1248088 for CVE-2025-38500",
"url": "https://bugzilla.suse.com/1248088"
},
{
"category": "external",
"summary": "SUSE Bug 1248672 for CVE-2025-38500",
"url": "https://bugzilla.suse.com/1248672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38500"
},
{
"cve": "CVE-2025-38503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion when building free space tree\n\nWhen building the free space tree with the block group tree feature\nenabled, we can hit an assertion failure like this:\n\n BTRFS info (device loop0 state M): rebuilding free space tree\n assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1102!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n Modules linked in:\n CPU: 1 UID: 0 PID: 6592 Comm: syz-executor322 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n lr : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n sp : ffff8000a4ce7600\n x29: ffff8000a4ce76e0 x28: ffff0000c9bc6000 x27: ffff0000ddfff3d8\n x26: ffff0000ddfff378 x25: dfff800000000000 x24: 0000000000000001\n x23: ffff8000a4ce7660 x22: ffff70001499cecc x21: ffff0000e1d8c160\n x20: ffff0000e1cb7800 x19: ffff0000e1d8c0b0 x18: 00000000ffffffff\n x17: ffff800092f39000 x16: ffff80008ad27e48 x15: ffff700011e740c0\n x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff\n x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 94ef24f55d2dbc00\n x8 : 94ef24f55d2dbc00 x7 : 0000000000000001 x6 : 0000000000000001\n x5 : ffff8000a4ce6f98 x4 : ffff80008f415ba0 x3 : ffff800080548ef0\n x2 : 0000000000000000 x1 : 0000000100000000 x0 : 000000000000003e\n Call trace:\n populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 (P)\n btrfs_rebuild_free_space_tree+0x14c/0x54c fs/btrfs/free-space-tree.c:1337\n btrfs_start_pre_rw_mount+0xa78/0xe10 fs/btrfs/disk-io.c:3074\n btrfs_remount_rw fs/btrfs/super.c:1319 [inline]\n btrfs_reconfigure+0x828/0x2418 fs/btrfs/super.c:1543\n reconfigure_super+0x1d4/0x6f0 fs/super.c:1083\n do_remount fs/namespace.c:3365 [inline]\n path_mount+0xb34/0xde0 fs/namespace.c:4200\n do_mount fs/namespace.c:4221 [inline]\n __do_sys_mount fs/namespace.c:4432 [inline]\n __se_sys_mount fs/namespace.c:4409 [inline]\n __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4409\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n Code: f0047182 91178042 528089c3 9771d47b (d4210000)\n ---[ end trace 0000000000000000 ]---\n\nThis happens because we are processing an empty block group, which has\nno extents allocated from it, there are no items for this block group,\nincluding the block group item since block group items are stored in a\ndedicated tree when using the block group tree feature. It also means\nthis is the block group with the highest start offset, so there are no\nhigher keys in the extent root, hence btrfs_search_slot_for_read()\nreturns 1 (no higher key found).\n\nFix this by asserting \u0027ret\u0027 is 0 only if the block group tree feature\nis not enabled, in which case we should find a block group item for\nthe block group since it\u0027s stored in the extent root and block group\nitem keys are greater than extent item keys (the value for\nBTRFS_BLOCK_GROUP_ITEM_KEY is 192 and for BTRFS_EXTENT_ITEM_KEY and\nBTRFS_METADATA_ITEM_KEY the values are 168 and 169 respectively).\nIn case \u0027ret\u0027 is 1, we just need to add a record to the free space\ntree which spans the whole block group, and we can achieve this by\nmaking \u0027ret == 0\u0027 as the while loop\u0027s condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38503",
"url": "https://www.suse.com/security/cve/CVE-2025-38503"
},
{
"category": "external",
"summary": "SUSE Bug 1248183 for CVE-2025-38503",
"url": "https://bugzilla.suse.com/1248183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38503"
},
{
"cve": "CVE-2025-38506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38506"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Allow CPU to reschedule while setting per-page memory attributes\n\nWhen running an SEV-SNP guest with a sufficiently large amount of memory (1TB+),\nthe host can experience CPU soft lockups when running an operation in\nkvm_vm_set_mem_attributes() to set memory attributes on the whole\nrange of guest memory.\n\nwatchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:6372]\nCPU: 8 UID: 0 PID: 6372 Comm: qemu-kvm Kdump: loaded Not tainted 6.15.0-rc7.20250520.el9uek.rc1.x86_64 #1 PREEMPT(voluntary)\nHardware name: Oracle Corporation ORACLE SERVER E4-2c/Asm,MB Tray,2U,E4-2c, BIOS 78016600 11/13/2024\nRIP: 0010:xas_create+0x78/0x1f0\nCode: 00 00 00 41 80 fc 01 0f 84 82 00 00 00 ba 06 00 00 00 bd 06 00 00 00 49 8b 45 08 4d 8d 65 08 41 39 d6 73 20 83 ed 06 48 85 c0 \u003c74\u003e 67 48 89 c2 83 e2 03 48 83 fa 02 75 0c 48 3d 00 10 00 00 0f 87\nRSP: 0018:ffffad890a34b940 EFLAGS: 00000286\nRAX: ffff96f30b261daa RBX: ffffad890a34b9c8 RCX: 0000000000000000\nRDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffad890a356868\nR13: ffffad890a356860 R14: 0000000000000000 R15: ffffad890a356868\nFS: 00007f5578a2a400(0000) GS:ffff97ed317e1000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f015c70fb18 CR3: 00000001109fd006 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n xas_store+0x58/0x630\n __xa_store+0xa5/0x130\n xa_store+0x2c/0x50\n kvm_vm_set_mem_attributes+0x343/0x710 [kvm]\n kvm_vm_ioctl+0x796/0xab0 [kvm]\n __x64_sys_ioctl+0xa3/0xd0\n do_syscall_64+0x8c/0x7a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f5578d031bb\nCode: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 2d 4c 0f 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffe0a742b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000000004020aed2 RCX: 00007f5578d031bb\nRDX: 00007ffe0a742c80 RSI: 000000004020aed2 RDI: 000000000000000b\nRBP: 0000010000000000 R08: 0000010000000000 R09: 0000017680000000\nR10: 0000000000000080 R11: 0000000000000246 R12: 00005575e5f95120\nR13: 00007ffe0a742c80 R14: 0000000000000008 R15: 00005575e5f961e0\n\nWhile looping through the range of memory setting the attributes,\ncall cond_resched() to give the scheduler a chance to run a higher\npriority task on the runqueue if necessary and avoid staying in\nkernel mode long enough to trigger the lockup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38506",
"url": "https://www.suse.com/security/cve/CVE-2025-38506"
},
{
"category": "external",
"summary": "SUSE Bug 1248186 for CVE-2025-38506",
"url": "https://bugzilla.suse.com/1248186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38506"
},
{
"cve": "CVE-2025-38508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38508"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Use TSC_FACTOR for Secure TSC frequency calculation\n\nWhen using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on\nthe nominal P0 frequency, which deviates slightly (typically ~0.2%) from\nthe actual mean TSC frequency due to clocking parameters.\n\nOver extended VM uptime, this discrepancy accumulates, causing clock skew\nbetween the hypervisor and a SEV-SNP VM, leading to early timer interrupts as\nperceived by the guest.\n\nThe guest kernel relies on the reported nominal frequency for TSC-based\ntimekeeping, while the actual frequency set during SNP_LAUNCH_START may\ndiffer. This mismatch results in inaccurate time calculations, causing the\nguest to perceive hrtimers as firing earlier than expected.\n\nUtilize the TSC_FACTOR from the SEV firmware\u0027s secrets page (see \"Secrets\nPage Format\" in the SNP Firmware ABI Specification) to calculate the mean\nTSC frequency, ensuring accurate timekeeping and mitigating clock skew in\nSEV-SNP VMs.\n\nUse early_ioremap_encrypted() to map the secrets page as\nioremap_encrypted() uses kmalloc() which is not available during early TSC\ninitialization and causes a panic.\n\n [ bp: Drop the silly dummy var:\n https://lore.kernel.org/r/20250630192726.GBaGLlHl84xIopx4Pt@fat_crate.local ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38508",
"url": "https://www.suse.com/security/cve/CVE-2025-38508"
},
{
"category": "external",
"summary": "SUSE Bug 1248190 for CVE-2025-38508",
"url": "https://bugzilla.suse.com/1248190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38508"
},
{
"cve": "CVE-2025-38514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38514"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix oops due to non-existence of prealloc backlog struct\n\nIf an AF_RXRPC service socket is opened and bound, but calls are\npreallocated, then rxrpc_alloc_incoming_call() will oops because the\nrxrpc_backlog struct doesn\u0027t get allocated until the first preallocation is\nmade.\n\nFix this by returning NULL from rxrpc_alloc_incoming_call() if there is no\nbacklog struct. This will cause the incoming call to be aborted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38514",
"url": "https://www.suse.com/security/cve/CVE-2025-38514"
},
{
"category": "external",
"summary": "SUSE Bug 1248202 for CVE-2025-38514",
"url": "https://bugzilla.suse.com/1248202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38514"
},
{
"cve": "CVE-2025-38524",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38524"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix recv-recv race of completed call\n\nIf a call receives an event (such as incoming data), the call gets placed\non the socket\u0027s queue and a thread in recvmsg can be awakened to go and\nprocess it. Once the thread has picked up the call off of the queue,\nfurther events will cause it to be requeued, and once the socket lock is\ndropped (recvmsg uses call-\u003euser_mutex to allow the socket to be used in\nparallel), a second thread can come in and its recvmsg can pop the call off\nthe socket queue again.\n\nIn such a case, the first thread will be receiving stuff from the call and\nthe second thread will be blocked on call-\u003euser_mutex. The first thread\ncan, at this point, process both the event that it picked call for and the\nevent that the second thread picked the call for and may see the call\nterminate - in which case the call will be \"released\", decoupling the call\nfrom the user call ID assigned to it (RXRPC_USER_CALL_ID in the control\nmessage).\n\nThe first thread will return okay, but then the second thread will wake up\nholding the user_mutex and, if it sees that the call has been released by\nthe first thread, it will BUG thusly:\n\n\tkernel BUG at net/rxrpc/recvmsg.c:474!\n\nFix this by just dequeuing the call and ignoring it if it is seen to be\nalready released. We can\u0027t tell userspace about it anyway as the user call\nID has become stale.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38524",
"url": "https://www.suse.com/security/cve/CVE-2025-38524"
},
{
"category": "external",
"summary": "SUSE Bug 1248194 for CVE-2025-38524",
"url": "https://bugzilla.suse.com/1248194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38524"
},
{
"cve": "CVE-2025-38526",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38526"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: add NULL check in eswitch lag check\n\nThe function ice_lag_is_switchdev_running() is being called from outside of\nthe LAG event handler code. This results in the lag-\u003eupper_netdev being\nNULL sometimes. To avoid a NULL-pointer dereference, there needs to be a\ncheck before it is dereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38526",
"url": "https://www.suse.com/security/cve/CVE-2025-38526"
},
{
"category": "external",
"summary": "SUSE Bug 1248192 for CVE-2025-38526",
"url": "https://bugzilla.suse.com/1248192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38526"
},
{
"cve": "CVE-2025-38527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38527"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in cifs_oplock_break\n\nA race condition can occur in cifs_oplock_break() leading to a\nuse-after-free of the cinode structure when unmounting:\n\n cifs_oplock_break()\n _cifsFileInfo_put(cfile)\n cifsFileInfo_put_final()\n cifs_sb_deactive()\n [last ref, start releasing sb]\n kill_sb()\n kill_anon_super()\n generic_shutdown_super()\n evict_inodes()\n dispose_list()\n evict()\n destroy_inode()\n call_rcu(\u0026inode-\u003ei_rcu, i_callback)\n spin_lock(\u0026cinode-\u003eopen_file_lock) \u003c- OK\n [later] i_callback()\n cifs_free_inode()\n kmem_cache_free(cinode)\n spin_unlock(\u0026cinode-\u003eopen_file_lock) \u003c- UAF\n cifs_done_oplock_break(cinode) \u003c- UAF\n\nThe issue occurs when umount has already released its reference to the\nsuperblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this\nreleases the last reference, triggering the immediate cleanup of all\ninodes under RCU. However, cifs_oplock_break() continues to access the\ncinode after this point, resulting in use-after-free.\n\nFix this by holding an extra reference to the superblock during the\nentire oplock break operation. This ensures that the superblock and\nits inodes remain valid until the oplock break completes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38527",
"url": "https://www.suse.com/security/cve/CVE-2025-38527"
},
{
"category": "external",
"summary": "SUSE Bug 1248199 for CVE-2025-38527",
"url": "https://bugzilla.suse.com/1248199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38527"
},
{
"cve": "CVE-2025-38528",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38528"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject %p% format string in bprintf-like helpers\n\nstatic const char fmt[] = \"%p%\";\n bpf_trace_printk(fmt, sizeof(fmt));\n\nThe above BPF program isn\u0027t rejected and causes a kernel warning at\nruntime:\n\n Please remove unsupported %\\x00 in format string\n WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0\n\nThis happens because bpf_bprintf_prepare skips over the second %,\ndetected as punctuation, while processing %p. This patch fixes it by\nnot skipping over punctuation. %\\x00 is then processed in the next\niteration and rejected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38528",
"url": "https://www.suse.com/security/cve/CVE-2025-38528"
},
{
"category": "external",
"summary": "SUSE Bug 1248198 for CVE-2025-38528",
"url": "https://bugzilla.suse.com/1248198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38528"
},
{
"cve": "CVE-2025-38531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38531"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: common: st_sensors: Fix use of uninitialize device structs\n\nThroughout the various probe functions \u0026indio_dev-\u003edev is used before it\nis initialized. This caused a kernel panic in st_sensors_power_enable()\nwhen the call to devm_regulator_bulk_get_enable() fails and then calls\ndev_err_probe() with the uninitialized device.\n\nThis seems to only cause a panic with dev_err_probe(), dev_err(),\ndev_warn() and dev_info() don\u0027t seem to cause a panic, but are fixed\nas well.\n\nThe issue is reported and traced here: [1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38531",
"url": "https://www.suse.com/security/cve/CVE-2025-38531"
},
{
"category": "external",
"summary": "SUSE Bug 1248205 for CVE-2025-38531",
"url": "https://bugzilla.suse.com/1248205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38531"
},
{
"cve": "CVE-2025-38533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38533"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: fix the using of Rx buffer DMA\n\nThe wx_rx_buffer structure contained two DMA address fields: \u0027dma\u0027 and\n\u0027page_dma\u0027. However, only \u0027page_dma\u0027 was actually initialized and used\nto program the Rx descriptor. But \u0027dma\u0027 was uninitialized and used in\nsome paths.\n\nThis could lead to undefined behavior, including DMA errors or\nuse-after-free, if the uninitialized \u0027dma\u0027 was used. Althrough such\nerror has not yet occurred, it is worth fixing in the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38533",
"url": "https://www.suse.com/security/cve/CVE-2025-38533"
},
{
"category": "external",
"summary": "SUSE Bug 1248200 for CVE-2025-38533",
"url": "https://bugzilla.suse.com/1248200"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38533"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38544"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix bug due to prealloc collision\n\nWhen userspace is using AF_RXRPC to provide a server, it has to preallocate\nincoming calls and assign to them call IDs that will be used to thread\nrelated recvmsg() and sendmsg() together. The preallocated call IDs will\nautomatically be attached to calls as they come in until the pool is empty.\n\nTo the kernel, the call IDs are just arbitrary numbers, but userspace can\nuse the call ID to hold a pointer to prepared structs. In any case, the\nuser isn\u0027t permitted to create two calls with the same call ID (call IDs\nbecome available again when the call ends) and EBADSLT should result from\nsendmsg() if an attempt is made to preallocate a call with an in-use call\nID.\n\nHowever, the cleanup in the error handling will trigger both assertions in\nrxrpc_cleanup_call() because the call isn\u0027t marked complete and isn\u0027t\nmarked as having been released.\n\nFix this by setting the call state in rxrpc_service_prealloc_one() and then\nmarking it as being released before calling the cleanup function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38544",
"url": "https://www.suse.com/security/cve/CVE-2025-38544"
},
{
"category": "external",
"summary": "SUSE Bug 1248225 for CVE-2025-38544",
"url": "https://bugzilla.suse.com/1248225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38544"
},
{
"cve": "CVE-2025-38545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info\n\nWhile transitioning from netdev_alloc_ip_align() to build_skb(), memory\nfor the \"skb_shared_info\" member of an \"skb\" was not allocated. Fix this\nby allocating \"PAGE_SIZE\" as the skb length, accounting for the packet\nlength, headroom and tailroom, thereby including the required memory space\nfor skb_shared_info.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38545",
"url": "https://www.suse.com/security/cve/CVE-2025-38545"
},
{
"category": "external",
"summary": "SUSE Bug 1248224 for CVE-2025-38545",
"url": "https://bugzilla.suse.com/1248224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38545"
},
{
"cve": "CVE-2025-38546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix memory leak of struct clip_vcc.\n\nioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to\nvcc-\u003euser_back.\n\nThe code assumes that vcc_destroy_socket() passes NULL skb\nto vcc-\u003epush() when the socket is close()d, and then clip_push()\nfrees clip_vcc.\n\nHowever, ioctl(ATMARPD_CTRL) sets NULL to vcc-\u003epush() in\natm_init_atmarp(), resulting in memory leak.\n\nLet\u0027s serialise two ioctl() by lock_sock() and check vcc-\u003epush()\nin atm_init_atmarp() to prevent memleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38546",
"url": "https://www.suse.com/security/cve/CVE-2025-38546"
},
{
"category": "external",
"summary": "SUSE Bug 1248223 for CVE-2025-38546",
"url": "https://bugzilla.suse.com/1248223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38546"
},
{
"cve": "CVE-2025-38549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38549"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths\n\nWhen processing mount options, efivarfs allocates efivarfs_fs_info (sfi)\nearly in fs_context initialization. However, sfi is associated with the\nsuperblock and typically freed when the superblock is destroyed. If the\nfs_context is released (final put) before fill_super is called-such as\non error paths or during reconfiguration-the sfi structure would leak,\nas ownership never transfers to the superblock.\n\nImplement the .free callback in efivarfs_context_ops to ensure any\nallocated sfi is properly freed if the fs_context is torn down before\nfill_super, preventing this memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38549",
"url": "https://www.suse.com/security/cve/CVE-2025-38549"
},
{
"category": "external",
"summary": "SUSE Bug 1248235 for CVE-2025-38549",
"url": "https://bugzilla.suse.com/1248235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38549"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Restrict conditions for adding duplicating netems to qdisc tree\n\nnetem_enqueue\u0027s duplication prevention logic breaks when a netem\nresides in a qdisc tree with other netems - this can lead to a\nsoft lockup and OOM loop in netem_dequeue, as seen in [1].\nEnsure that a duplicating netem cannot exist in a tree with other\nnetems.\n\nPrevious approaches suggested in discussions in chronological order:\n\n1) Track duplication status or ttl in the sk_buff struct. Considered\ntoo specific a use case to extend such a struct, though this would\nbe a resilient fix and address other previous and potential future\nDOS bugs like the one described in loopy fun [2].\n\n2) Restrict netem_enqueue recursion depth like in act_mirred with a\nper cpu variable. However, netem_dequeue can call enqueue on its\nchild, and the depth restriction could be bypassed if the child is a\nnetem.\n\n3) Use the same approach as in 2, but add metadata in netem_skb_cb\nto handle the netem_dequeue case and track a packet\u0027s involvement\nin duplication. This is an overly complex approach, and Jamal\nnotes that the skb cb can be overwritten to circumvent this\nsafeguard.\n\n4) Prevent the addition of a netem to a qdisc tree if its ancestral\npath contains a netem. However, filters and actions can cause a\npacket to change paths when re-enqueued to the root from netem\nduplication, leading us to the current solution: prevent a\nduplicating netem from inhabiting the same tree as other netems.\n\n[1] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/\n[2] https://lwn.net/Articles/719297/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38553",
"url": "https://www.suse.com/security/cve/CVE-2025-38553"
},
{
"category": "external",
"summary": "SUSE Bug 1248255 for CVE-2025-38553",
"url": "https://bugzilla.suse.com/1248255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38553"
},
{
"cve": "CVE-2025-38554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix a UAF when vma-\u003emm is freed after vma-\u003evm_refcnt got dropped\n\nBy inducing delays in the right places, Jann Horn created a reproducer for\na hard to hit UAF issue that became possible after VMAs were allowed to be\nrecycled by adding SLAB_TYPESAFE_BY_RCU to their cache.\n\nRace description is borrowed from Jann\u0027s discovery report:\nlock_vma_under_rcu() looks up a VMA locklessly with mas_walk() under\nrcu_read_lock(). At that point, the VMA may be concurrently freed, and it\ncan be recycled by another process. vma_start_read() then increments the\nvma-\u003evm_refcnt (if it is in an acceptable range), and if this succeeds,\nvma_start_read() can return a recycled VMA.\n\nIn this scenario where the VMA has been recycled, lock_vma_under_rcu()\nwill then detect the mismatching -\u003evm_mm pointer and drop the VMA through\nvma_end_read(), which calls vma_refcount_put(). vma_refcount_put() drops\nthe refcount and then calls rcuwait_wake_up() using a copy of vma-\u003evm_mm. \nThis is wrong: It implicitly assumes that the caller is keeping the VMA\u0027s\nmm alive, but in this scenario the caller has no relation to the VMA\u0027s mm,\nso the rcuwait_wake_up() can cause UAF.\n\nThe diagram depicting the race:\nT1 T2 T3\n== == ==\nlock_vma_under_rcu\n mas_walk\n \u003cVMA gets removed from mm\u003e\n mmap\n \u003cthe same VMA is reallocated\u003e\n vma_start_read\n __refcount_inc_not_zero_limited_acquire\n munmap\n __vma_enter_locked\n refcount_add_not_zero\n vma_end_read\n vma_refcount_put\n __refcount_dec_and_test\n rcuwait_wait_event\n \u003cfinish operation\u003e\n rcuwait_wake_up [UAF]\n\nNote that rcuwait_wait_event() in T3 does not block because refcount was\nalready dropped by T1. At this point T3 can exit and free the mm causing\nUAF in T1.\n\nTo avoid this we move vma-\u003evm_mm verification into vma_start_read() and\ngrab vma-\u003evm_mm to stabilize it before vma_refcount_put() operation.\n\n[surenb@google.com: v3]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38554",
"url": "https://www.suse.com/security/cve/CVE-2025-38554"
},
{
"category": "external",
"summary": "SUSE Bug 1248299 for CVE-2025-38554",
"url": "https://bugzilla.suse.com/1248299"
},
{
"category": "external",
"summary": "SUSE Bug 1248301 for CVE-2025-38554",
"url": "https://bugzilla.suse.com/1248301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38554"
},
{
"cve": "CVE-2025-38555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget : fix use-after-free in composite_dev_cleanup()\n\n1. In func configfs_composite_bind() -\u003e composite_os_desc_req_prepare():\nif kmalloc fails, the pointer cdev-\u003eos_desc_req will be freed but not\nset to NULL. Then it will return a failure to the upper-level function.\n2. in func configfs_composite_bind() -\u003e composite_dev_cleanup():\nit will checks whether cdev-\u003eos_desc_req is NULL. If it is not NULL, it\nwill attempt to use it.This will lead to a use-after-free issue.\n\nBUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0\nRead of size 8 at addr 0000004827837a00 by task init/1\n\nCPU: 10 PID: 1 Comm: init Tainted: G O 5.10.97-oh #1\n kasan_report+0x188/0x1cc\n __asan_load8+0xb4/0xbc\n composite_dev_cleanup+0xf4/0x2c0\n configfs_composite_bind+0x210/0x7ac\n udc_bind_to_driver+0xb4/0x1ec\n usb_gadget_probe_driver+0xec/0x21c\n gadget_dev_desc_UDC_store+0x264/0x27c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38555",
"url": "https://www.suse.com/security/cve/CVE-2025-38555"
},
{
"category": "external",
"summary": "SUSE Bug 1248297 for CVE-2025-38555",
"url": "https://bugzilla.suse.com/1248297"
},
{
"category": "external",
"summary": "SUSE Bug 1248298 for CVE-2025-38555",
"url": "https://bugzilla.suse.com/1248298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38555"
},
{
"cve": "CVE-2025-38556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Harden s32ton() against conversion to 0 bits\n\nTesting by the syzbot fuzzer showed that the HID core gets a\nshift-out-of-bounds exception when it tries to convert a 32-bit\nquantity to a 0-bit quantity. Ideally this should never occur, but\nthere are buggy devices and some might have a report field with size\nset to zero; we shouldn\u0027t reject the report or the device just because\nof that.\n\nInstead, harden the s32ton() routine so that it returns a reasonable\nresult instead of crashing when it is called with the number of bits\nset to 0 -- the same as what snto32() does.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38556",
"url": "https://www.suse.com/security/cve/CVE-2025-38556"
},
{
"category": "external",
"summary": "SUSE Bug 1248296 for CVE-2025-38556",
"url": "https://bugzilla.suse.com/1248296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38556"
},
{
"cve": "CVE-2025-38557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: apple: validate feature-report field count to prevent NULL pointer dereference\n\nA malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL\npointer dereference whilst the power feature-report is toggled and sent to\nthe device in apple_magic_backlight_report_set(). The power feature-report\nis expected to have two data fields, but if the descriptor declares one\nfield then accessing field[1] and dereferencing it in\napple_magic_backlight_report_set() becomes invalid\nsince field[1] will be NULL.\n\nAn example of a minimal descriptor which can cause the crash is something\nlike the following where the report with ID 3 (power report) only\nreferences a single 1-byte field. When hid core parses the descriptor it\nwill encounter the final feature tag, allocate a hid_report (all members\nof field[] will be zeroed out), create field structure and populate it,\nincreasing the maxfield to 1. The subsequent field[1] access and\ndereference causes the crash.\n\n Usage Page (Vendor Defined 0xFF00)\n Usage (0x0F)\n Collection (Application)\n Report ID (1)\n Usage (0x01)\n Logical Minimum (0)\n Logical Maximum (255)\n Report Size (8)\n Report Count (1)\n Feature (Data,Var,Abs)\n\n Usage (0x02)\n Logical Maximum (32767)\n Report Size (16)\n Report Count (1)\n Feature (Data,Var,Abs)\n\n Report ID (3)\n Usage (0x03)\n Logical Minimum (0)\n Logical Maximum (1)\n Report Size (8)\n Report Count (1)\n Feature (Data,Var,Abs)\n End Collection\n\nHere we see the KASAN splat when the kernel dereferences the\nNULL pointer and crashes:\n\n [ 15.164723] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI\n [ 15.165691] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n [ 15.165691] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0 #31 PREEMPT(voluntary)\n [ 15.165691] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n [ 15.165691] RIP: 0010:apple_magic_backlight_report_set+0xbf/0x210\n [ 15.165691] Call Trace:\n [ 15.165691] \u003cTASK\u003e\n [ 15.165691] apple_probe+0x571/0xa20\n [ 15.165691] hid_device_probe+0x2e2/0x6f0\n [ 15.165691] really_probe+0x1ca/0x5c0\n [ 15.165691] __driver_probe_device+0x24f/0x310\n [ 15.165691] driver_probe_device+0x4a/0xd0\n [ 15.165691] __device_attach_driver+0x169/0x220\n [ 15.165691] bus_for_each_drv+0x118/0x1b0\n [ 15.165691] __device_attach+0x1d5/0x380\n [ 15.165691] device_initial_probe+0x12/0x20\n [ 15.165691] bus_probe_device+0x13d/0x180\n [ 15.165691] device_add+0xd87/0x1510\n [...]\n\nTo fix this issue we should validate the number of fields that the\nbacklight and power reports have and if they do not have the required\nnumber of fields then bail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38557",
"url": "https://www.suse.com/security/cve/CVE-2025-38557"
},
{
"category": "external",
"summary": "SUSE Bug 1248304 for CVE-2025-38557",
"url": "https://bugzilla.suse.com/1248304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38557"
},
{
"cve": "CVE-2025-38559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/intel/pmt: fix a crashlog NULL pointer access\n\nUsage of the intel_pmt_read() for binary sysfs, requires a pcidev. The\ncurrent use of the endpoint value is only valid for telemetry endpoint\nusage.\n\nWithout the ep, the crashlog usage causes the following NULL pointer\nexception:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nOops: Oops: 0000 [#1] SMP NOPTI\nRIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]\nCode:\nCall Trace:\n \u003cTASK\u003e\n ? sysfs_kf_bin_read+0xc0/0xe0\n kernfs_fop_read_iter+0xac/0x1a0\n vfs_read+0x26d/0x350\n ksys_read+0x6b/0xe0\n __x64_sys_read+0x1d/0x30\n x64_sys_call+0x1bc8/0x1d70\n do_syscall_64+0x6d/0x110\n\nAugment struct intel_pmt_entry with a pointer to the pcidev to avoid\nthe NULL pointer exception.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38559",
"url": "https://www.suse.com/security/cve/CVE-2025-38559"
},
{
"category": "external",
"summary": "SUSE Bug 1248302 for CVE-2025-38559",
"url": "https://bugzilla.suse.com/1248302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38559"
},
{
"cve": "CVE-2025-38560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Evict cache lines during SNP memory validation\n\nAn SNP cache coherency vulnerability requires a cache line eviction\nmitigation when validating memory after a page state change to private.\nThe specific mitigation is to touch the first and last byte of each 4K\npage that is being validated. There is no need to perform the mitigation\nwhen performing a page state change to shared and rescinding validation.\n\nCPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit\nthat, when set, indicates that the software mitigation for this\nvulnerability is not needed.\n\nImplement the mitigation and invoke it when validating memory (making it\nprivate) and the COHERENCY_SFW_NO bit is not set, indicating the SNP\nguest is vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38560",
"url": "https://www.suse.com/security/cve/CVE-2025-38560"
},
{
"category": "external",
"summary": "SUSE Bug 1248312 for CVE-2025-38560",
"url": "https://bugzilla.suse.com/1248312"
},
{
"category": "external",
"summary": "SUSE Bug 1248313 for CVE-2025-38560",
"url": "https://bugzilla.suse.com/1248313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38560"
},
{
"cve": "CVE-2025-38563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Prevent VMA split of buffer mappings\n\nThe perf mmap code is careful about mmap()\u0027ing the user page with the\nringbuffer and additionally the auxiliary buffer, when the event supports\nit. Once the first mapping is established, subsequent mapping have to use\nthe same offset and the same size in both cases. The reference counting for\nthe ringbuffer and the auxiliary buffer depends on this being correct.\n\nThough perf does not prevent that a related mapping is split via mmap(2),\nmunmap(2) or mremap(2). A split of a VMA results in perf_mmap_open() calls,\nwhich take reference counts, but then the subsequent perf_mmap_close()\ncalls are not longer fulfilling the offset and size checks. This leads to\nreference count leaks.\n\nAs perf already has the requirement for subsequent mappings to match the\ninitial mapping, the obvious consequence is that VMA splits, caused by\nresizing of a mapping or partial unmapping, have to be prevented.\n\nImplement the vm_operations_struct::may_split() callback and return\nunconditionally -EINVAL.\n\nThat ensures that the mapping offsets and sizes cannot be changed after the\nfact. Remapping to a different fixed address with the same size is still\npossible as it takes the references for the new mapping and drops those of\nthe old mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38563",
"url": "https://www.suse.com/security/cve/CVE-2025-38563"
},
{
"category": "external",
"summary": "SUSE Bug 1248306 for CVE-2025-38563",
"url": "https://bugzilla.suse.com/1248306"
},
{
"category": "external",
"summary": "SUSE Bug 1248307 for CVE-2025-38563",
"url": "https://bugzilla.suse.com/1248307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38563"
},
{
"cve": "CVE-2025-38564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38564"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Handle buffer mapping fail correctly in perf_mmap()\n\nAfter successful allocation of a buffer or a successful attachment to an\nexisting buffer perf_mmap() tries to map the buffer read only into the page\ntable. If that fails, the already set up page table entries are zapped, but\nthe other perf specific side effects of that failure are not handled. The\ncalling code just cleans up the VMA and does not invoke perf_mmap_close().\n\nThis leaks reference counts, corrupts user-\u003evm accounting and also results\nin an unbalanced invocation of event::event_mapped().\n\nCure this by moving the event::event_mapped() invocation before the\nmap_range() call so that on map_range() failure perf_mmap_close() can be\ninvoked without causing an unbalanced event::event_unmapped() call.\n\nperf_mmap_close() undoes the reference counts and eventually frees buffers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38564",
"url": "https://www.suse.com/security/cve/CVE-2025-38564"
},
{
"category": "external",
"summary": "SUSE Bug 1248367 for CVE-2025-38564",
"url": "https://bugzilla.suse.com/1248367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38564"
},
{
"cve": "CVE-2025-38565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38565"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Exit early on perf_mmap() fail\n\nWhen perf_mmap() fails to allocate a buffer, it still invokes the\nevent_mapped() callback of the related event. On X86 this might increase\nthe perf_rdpmc_allowed reference counter. But nothing undoes this as\nperf_mmap_close() is never called in this case, which causes another\nreference count leak.\n\nReturn early on failure to prevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38565",
"url": "https://www.suse.com/security/cve/CVE-2025-38565"
},
{
"category": "external",
"summary": "SUSE Bug 1248377 for CVE-2025-38565",
"url": "https://bugzilla.suse.com/1248377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38565"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: mqprio: fix stack out-of-bounds write in tc entry parsing\n\nTCA_MQPRIO_TC_ENTRY_INDEX is validated using\nNLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value\nTC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack\nwrite in the fp[] array, which only has room for 16 elements (0-15).\n\nFix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38568",
"url": "https://www.suse.com/security/cve/CVE-2025-38568"
},
{
"category": "external",
"summary": "SUSE Bug 1248386 for CVE-2025-38568",
"url": "https://bugzilla.suse.com/1248386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38568"
},
{
"cve": "CVE-2025-38571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix client side handling of tls alerts\n\nA security exploit was discovered in NFS over TLS in tls_alert_recv\ndue to its assumption that there is valid data in the msghdr\u0027s\niterator\u0027s kvec.\n\nInstead, this patch proposes the rework how control messages are\nsetup and used by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a kvec\nbacked control buffer and read in the control message such as a TLS\nalert. Scott found that a msg iterator can advance the kvec pointer\nas a part of the copy process thus we need to revert the iterator\nbefore calling into the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38571",
"url": "https://www.suse.com/security/cve/CVE-2025-38571"
},
{
"category": "external",
"summary": "SUSE Bug 1248401 for CVE-2025-38571",
"url": "https://bugzilla.suse.com/1248401"
},
{
"category": "external",
"summary": "SUSE Bug 1248402 for CVE-2025-38571",
"url": "https://bugzilla.suse.com/1248402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38571"
},
{
"cve": "CVE-2025-38572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: reject malicious packets in ipv6_gso_segment()\n\nsyzbot was able to craft a packet with very long IPv6 extension headers\nleading to an overflow of skb-\u003etransport_header.\n\nThis 16bit field has a limited range.\n\nAdd skb_reset_transport_header_careful() helper and use it\nfrom ipv6_gso_segment()\n\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nModules linked in:\nCPU: 0 UID: 0 PID: 5871 Comm: syz-executor211 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\n RIP: 0010:ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nCall Trace:\n \u003cTASK\u003e\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n nsh_gso_segment+0x54a/0xe10 net/nsh/nsh.c:110\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n __skb_gso_segment+0x342/0x510 net/core/gso.c:124\n skb_gso_segment include/net/gso.h:83 [inline]\n validate_xmit_skb+0x857/0x11b0 net/core/dev.c:3950\n validate_xmit_skb_list+0x84/0x120 net/core/dev.c:4000\n sch_direct_xmit+0xd3/0x4b0 net/sched/sch_generic.c:329\n __dev_xmit_skb net/core/dev.c:4102 [inline]\n __dev_queue_xmit+0x17b6/0x3a70 net/core/dev.c:4679",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38572",
"url": "https://www.suse.com/security/cve/CVE-2025-38572"
},
{
"category": "external",
"summary": "SUSE Bug 1248399 for CVE-2025-38572",
"url": "https://bugzilla.suse.com/1248399"
},
{
"category": "external",
"summary": "SUSE Bug 1248400 for CVE-2025-38572",
"url": "https://bugzilla.suse.com/1248400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38572"
},
{
"cve": "CVE-2025-38573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38573"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cs42l43: Property entry should be a null-terminated array\n\nThe software node does not specify a count of property entries, so the\narray must be null-terminated.\n\nWhen unterminated, this can lead to a fault in the downstream cs35l56\namplifier driver, because the node parse walks off the end of the\narray into unknown memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38573",
"url": "https://www.suse.com/security/cve/CVE-2025-38573"
},
{
"category": "external",
"summary": "SUSE Bug 1248396 for CVE-2025-38573",
"url": "https://bugzilla.suse.com/1248396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38573"
},
{
"cve": "CVE-2025-38574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npptp: ensure minimal skb length in pptp_xmit()\n\nCommit aabc6596ffb3 (\"net: ppp: Add bound checking for skb data\non ppp_sync_txmung\") fixed ppp_sync_txmunge()\n\nWe need a similar fix in pptp_xmit(), otherwise we might\nread uninit data as reported by syzbot.\n\nBUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193\n pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [inline]\n ppp_input+0x1d6/0xe60 drivers/net/ppp/ppp_generic.c:2314\n pppoe_rcv_core+0x1e8/0x760 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n pppoe_sendmsg+0x15d/0xcb0 drivers/net/ppp/pppoe.c:904\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n ____sys_sendmsg+0x893/0xd80 net/socket.c:2566\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2709",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38574",
"url": "https://www.suse.com/security/cve/CVE-2025-38574"
},
{
"category": "external",
"summary": "SUSE Bug 1248365 for CVE-2025-38574",
"url": "https://bugzilla.suse.com/1248365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38574"
},
{
"cve": "CVE-2025-38576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38576"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: Make EEH driver device hotplug safe\n\nMultiple race conditions existed between the PCIe hotplug driver and the\nEEH driver, leading to a variety of kernel oopses of the same general\nnature:\n\n\u003cpcie device unplug\u003e\n\u003ceeh driver trigger\u003e\n\u003chotplug removal trigger\u003e\n\u003cpcie tree reconfiguration\u003e\n\u003ceeh recovery next step\u003e\n\u003coops in EEH driver bus iteration loop\u003e\n\nA second class of oops is also seen when the underlying bus disappears\nduring device recovery.\n\nRefactor the EEH module to be PCI rescan and remove safe. Also clean\nup a few minor formatting / readability issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38576",
"url": "https://www.suse.com/security/cve/CVE-2025-38576"
},
{
"category": "external",
"summary": "SUSE Bug 1248354 for CVE-2025-38576",
"url": "https://bugzilla.suse.com/1248354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38576"
},
{
"cve": "CVE-2025-38581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix crash when rebind ccp device for ccp.ko\n\nWhen CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding\nthe ccp device causes the following crash:\n\n$ echo \u00270000:0a:00.2\u0027 \u003e /sys/bus/pci/drivers/ccp/unbind\n$ echo \u00270000:0a:00.2\u0027 \u003e /sys/bus/pci/drivers/ccp/bind\n\n[ 204.976930] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 204.978026] #PF: supervisor write access in kernel mode\n[ 204.979126] #PF: error_code(0x0002) - not-present page\n[ 204.980226] PGD 0 P4D 0\n[ 204.981317] Oops: Oops: 0002 [#1] SMP NOPTI\n...\n[ 204.997852] Call Trace:\n[ 204.999074] \u003cTASK\u003e\n[ 205.000297] start_creating+0x9f/0x1c0\n[ 205.001533] debugfs_create_dir+0x1f/0x170\n[ 205.002769] ? srso_return_thunk+0x5/0x5f\n[ 205.004000] ccp5_debugfs_setup+0x87/0x170 [ccp]\n[ 205.005241] ccp5_init+0x8b2/0x960 [ccp]\n[ 205.006469] ccp_dev_init+0xd4/0x150 [ccp]\n[ 205.007709] sp_init+0x5f/0x80 [ccp]\n[ 205.008942] sp_pci_probe+0x283/0x2e0 [ccp]\n[ 205.010165] ? srso_return_thunk+0x5/0x5f\n[ 205.011376] local_pci_probe+0x4f/0xb0\n[ 205.012584] pci_device_probe+0xdb/0x230\n[ 205.013810] really_probe+0xed/0x380\n[ 205.015024] __driver_probe_device+0x7e/0x160\n[ 205.016240] device_driver_attach+0x2f/0x60\n[ 205.017457] bind_store+0x7c/0xb0\n[ 205.018663] drv_attr_store+0x28/0x40\n[ 205.019868] sysfs_kf_write+0x5f/0x70\n[ 205.021065] kernfs_fop_write_iter+0x145/0x1d0\n[ 205.022267] vfs_write+0x308/0x440\n[ 205.023453] ksys_write+0x6d/0xe0\n[ 205.024616] __x64_sys_write+0x1e/0x30\n[ 205.025778] x64_sys_call+0x16ba/0x2150\n[ 205.026942] do_syscall_64+0x56/0x1e0\n[ 205.028108] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 205.029276] RIP: 0033:0x7fbc36f10104\n[ 205.030420] Code: 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8d 05 e1 08 2e 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 f3 c3 66 90 41 54 55 49 89 d4 53 48 89 f5\n\nThis patch sets ccp_debugfs_dir to NULL after destroying it in\nccp5_debugfs_destroy, allowing the directory dentry to be\nrecreated when rebinding the ccp device.\n\nTested on AMD Ryzen 7 1700X.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38581",
"url": "https://www.suse.com/security/cve/CVE-2025-38581"
},
{
"category": "external",
"summary": "SUSE Bug 1248345 for CVE-2025-38581",
"url": "https://bugzilla.suse.com/1248345"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38581"
},
{
"cve": "CVE-2025-38582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38582"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix double destruction of rsv_qp\n\nrsv_qp may be double destroyed in error flow, first in free_mr_init(),\nand then in hns_roce_exit(). Fix it by moving the free_mr_init() call\ninto hns_roce_v2_init().\n\nlist_del corruption, ffff589732eb9b50-\u003enext is LIST_POISON1 (dead000000000100)\nWARNING: CPU: 8 PID: 1047115 at lib/list_debug.c:53 __list_del_entry_valid+0x148/0x240\n...\nCall trace:\n __list_del_entry_valid+0x148/0x240\n hns_roce_qp_remove+0x4c/0x3f0 [hns_roce_hw_v2]\n hns_roce_v2_destroy_qp_common+0x1dc/0x5f4 [hns_roce_hw_v2]\n hns_roce_v2_destroy_qp+0x22c/0x46c [hns_roce_hw_v2]\n free_mr_exit+0x6c/0x120 [hns_roce_hw_v2]\n hns_roce_v2_exit+0x170/0x200 [hns_roce_hw_v2]\n hns_roce_exit+0x118/0x350 [hns_roce_hw_v2]\n __hns_roce_hw_v2_init_instance+0x1c8/0x304 [hns_roce_hw_v2]\n hns_roce_hw_v2_reset_notify_init+0x170/0x21c [hns_roce_hw_v2]\n hns_roce_hw_v2_reset_notify+0x6c/0x190 [hns_roce_hw_v2]\n hclge_notify_roce_client+0x6c/0x160 [hclge]\n hclge_reset_rebuild+0x150/0x5c0 [hclge]\n hclge_reset+0x10c/0x140 [hclge]\n hclge_reset_subtask+0x80/0x104 [hclge]\n hclge_reset_service_task+0x168/0x3ac [hclge]\n hclge_service_task+0x50/0x100 [hclge]\n process_one_work+0x250/0x9a0\n worker_thread+0x324/0x990\n kthread+0x190/0x210\n ret_from_fork+0x10/0x18",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38582",
"url": "https://www.suse.com/security/cve/CVE-2025-38582"
},
{
"category": "external",
"summary": "SUSE Bug 1248349 for CVE-2025-38582",
"url": "https://bugzilla.suse.com/1248349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38582"
},
{
"cve": "CVE-2025-38583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: xilinx: vcu: unregister pll_post only if registered correctly\n\nIf registration of pll_post is failed, it will be set to NULL or ERR,\nunregistering same will fail with following call trace:\n\nUnable to handle kernel NULL pointer dereference at virtual address 008\npc : clk_hw_unregister+0xc/0x20\nlr : clk_hw_unregister_fixed_factor+0x18/0x30\nsp : ffff800011923850\n...\nCall trace:\n clk_hw_unregister+0xc/0x20\n clk_hw_unregister_fixed_factor+0x18/0x30\n xvcu_unregister_clock_provider+0xcc/0xf4 [xlnx_vcu]\n xvcu_probe+0x2bc/0x53c [xlnx_vcu]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38583",
"url": "https://www.suse.com/security/cve/CVE-2025-38583"
},
{
"category": "external",
"summary": "SUSE Bug 1248350 for CVE-2025-38583",
"url": "https://bugzilla.suse.com/1248350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38583"
},
{
"cve": "CVE-2025-38584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38584"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix pd UAF once and for all\n\nThere is a race condition/UAF in padata_reorder that goes back\nto the initial commit. A reference count is taken at the start\nof the process in padata_do_parallel, and released at the end in\npadata_serial_worker.\n\nThis reference count is (and only is) required for padata_replace\nto function correctly. If padata_replace is never called then\nthere is no issue.\n\nIn the function padata_reorder which serves as the core of padata,\nas soon as padata is added to queue-\u003eserial.list, and the associated\nspin lock released, that padata may be processed and the reference\ncount on pd would go away.\n\nFix this by getting the next padata before the squeue-\u003eserial lock\nis released.\n\nIn order to make this possible, simplify padata_reorder by only\ncalling it once the next padata arrives.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38584",
"url": "https://www.suse.com/security/cve/CVE-2025-38584"
},
{
"category": "external",
"summary": "SUSE Bug 1248343 for CVE-2025-38584",
"url": "https://bugzilla.suse.com/1248343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38584"
},
{
"cve": "CVE-2025-38585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()\n\nWhen gmin_get_config_var() calls efi.get_variable() and the EFI variable\nis larger than the expected buffer size, two behaviors combine to create\na stack buffer overflow:\n\n1. gmin_get_config_var() does not return the proper error code when\n efi.get_variable() fails. It returns the stale \u0027ret\u0027 value from\n earlier operations instead of indicating the EFI failure.\n\n2. When efi.get_variable() returns EFI_BUFFER_TOO_SMALL, it updates\n *out_len to the required buffer size but writes no data to the output\n buffer. However, due to bug #1, gmin_get_var_int() believes the call\n succeeded.\n\nThe caller gmin_get_var_int() then performs:\n- Allocates val[CFG_VAR_NAME_MAX + 1] (65 bytes) on stack\n- Calls gmin_get_config_var(dev, is_gmin, var, val, \u0026len) with len=64\n- If EFI variable is \u003e64 bytes, efi.get_variable() sets len=required_size\n- Due to bug #1, thinks call succeeded with len=required_size\n- Executes val[len] = 0, writing past end of 65-byte stack buffer\n\nThis creates a stack buffer overflow when EFI variables are larger than\n64 bytes. Since EFI variables can be controlled by firmware or system\nconfiguration, this could potentially be exploited for code execution.\n\nFix the bug by returning proper error codes from gmin_get_config_var()\nbased on EFI status instead of stale \u0027ret\u0027 value.\n\nThe gmin_get_var_int() function is called during device initialization\nfor camera sensor configuration on Intel Bay Trail and Cherry Trail\nplatforms using the atomisp camera stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38585",
"url": "https://www.suse.com/security/cve/CVE-2025-38585"
},
{
"category": "external",
"summary": "SUSE Bug 1248355 for CVE-2025-38585",
"url": "https://bugzilla.suse.com/1248355"
},
{
"category": "external",
"summary": "SUSE Bug 1248671 for CVE-2025-38585",
"url": "https://bugzilla.suse.com/1248671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38585"
},
{
"cve": "CVE-2025-38586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38586"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix fp initialization for exception boundary\n\nIn the ARM64 BPF JIT when prog-\u003eaux-\u003eexception_boundary is set for a BPF\nprogram, find_used_callee_regs() is not called because for a program\nacting as exception boundary, all callee saved registers are saved.\nfind_used_callee_regs() sets `ctx-\u003efp_used = true;` when it sees FP\nbeing used in any of the instructions.\n\nFor programs acting as exception boundary, ctx-\u003efp_used remains false\neven if frame pointer is used by the program and therefore, FP is not\nset-up for such programs in the prologue. This can cause the kernel to\ncrash due to a pagefault.\n\nFix it by setting ctx-\u003efp_used = true for exception boundary programs as\nfp is always saved in such programs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38586",
"url": "https://www.suse.com/security/cve/CVE-2025-38586"
},
{
"category": "external",
"summary": "SUSE Bug 1248359 for CVE-2025-38586",
"url": "https://bugzilla.suse.com/1248359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38586"
},
{
"cve": "CVE-2025-38587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38587"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible infinite loop in fib6_info_uses_dev()\n\nfib6_info_uses_dev() seems to rely on RCU without an explicit\nprotection.\n\nLike the prior fix in rt6_nlmsg_size(),\nwe need to make sure fib6_del_route() or fib6_add_rt2node()\nhave not removed the anchor from the list, or we risk an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38587",
"url": "https://www.suse.com/security/cve/CVE-2025-38587"
},
{
"category": "external",
"summary": "SUSE Bug 1248361 for CVE-2025-38587",
"url": "https://bugzilla.suse.com/1248361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38587"
},
{
"cve": "CVE-2025-38588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent infinite loop in rt6_nlmsg_size()\n\nWhile testing prior patch, I was able to trigger\nan infinite loop in rt6_nlmsg_size() in the following place:\n\nlist_for_each_entry_rcu(sibling, \u0026f6i-\u003efib6_siblings,\n\t\t\tfib6_siblings) {\n\trt6_nh_nlmsg_size(sibling-\u003efib6_nh, \u0026nexthop_len);\n}\n\nThis is because fib6_del_route() and fib6_add_rt2node()\nuses list_del_rcu(), which can confuse rcu readers,\nbecause they might no longer see the head of the list.\n\nRestart the loop if f6i-\u003efib6_nsiblings is zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38588",
"url": "https://www.suse.com/security/cve/CVE-2025-38588"
},
{
"category": "external",
"summary": "SUSE Bug 1248368 for CVE-2025-38588",
"url": "https://bugzilla.suse.com/1248368"
},
{
"category": "external",
"summary": "SUSE Bug 1249241 for CVE-2025-38588",
"url": "https://bugzilla.suse.com/1249241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38588"
},
{
"cve": "CVE-2025-38591",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38591"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject narrower access to pointer ctx fields\n\nThe following BPF program, simplified from a syzkaller repro, causes a\nkernel warning:\n\n r0 = *(u8 *)(r1 + 169);\n exit;\n\nWith pointer field sk being at offset 168 in __sk_buff. This access is\ndetected as a narrower read in bpf_skb_is_valid_access because it\ndoesn\u0027t match offsetof(struct __sk_buff, sk). It is therefore allowed\nand later proceeds to bpf_convert_ctx_access. Note that for the\n\"is_narrower_load\" case in the convert_ctx_accesses(), the insn-\u003eoff\nis aligned, so the cnt may not be 0 because it matches the\noffsetof(struct __sk_buff, sk) in the bpf_convert_ctx_access. However,\nthe target_size stays 0 and the verifier errors with a kernel warning:\n\n verifier bug: error during ctx access conversion(1)\n\nThis patch fixes that to return a proper \"invalid bpf_context access\noff=X size=Y\" error on the load instruction.\n\nThe same issue affects multiple other fields in context structures that\nallow narrow access. Some other non-affected fields (for sk_msg,\nsk_lookup, and sockopt) were also changed to use bpf_ctx_range_ptr for\nconsistency.\n\nNote this syzkaller crash was reported in the \"Closes\" link below, which\nused to be about a different bug, fixed in\ncommit fce7bd8e385a (\"bpf/verifier: Handle BPF_LOAD_ACQ instructions\nin insn_def_regno()\"). Because syzbot somehow confused the two bugs,\nthe new crash and repro didn\u0027t get reported to the mailing list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38591",
"url": "https://www.suse.com/security/cve/CVE-2025-38591"
},
{
"category": "external",
"summary": "SUSE Bug 1248363 for CVE-2025-38591",
"url": "https://bugzilla.suse.com/1248363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38591"
},
{
"cve": "CVE-2025-38593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: fix double free in \u0027hci_discovery_filter_clear()\u0027\n\nFunction \u0027hci_discovery_filter_clear()\u0027 frees \u0027uuids\u0027 array and then\nsets it to NULL. There is a tiny chance of the following race:\n\n\u0027hci_cmd_sync_work()\u0027\n\n \u0027update_passive_scan_sync()\u0027\n\n \u0027hci_update_passive_scan_sync()\u0027\n\n \u0027hci_discovery_filter_clear()\u0027\n kfree(uuids);\n\n \u003c-------------------------preempted--------------------------------\u003e\n \u0027start_service_discovery()\u0027\n\n \u0027hci_discovery_filter_clear()\u0027\n kfree(uuids); // DOUBLE FREE\n\n \u003c-------------------------preempted--------------------------------\u003e\n\n uuids = NULL;\n\nTo fix it let\u0027s add locking around \u0027kfree()\u0027 call and NULL pointer\nassignment. Otherwise the following backtrace fires:\n\n[ ] ------------[ cut here ]------------\n[ ] kernel BUG at mm/slub.c:547!\n[ ] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n[ ] CPU: 3 UID: 0 PID: 246 Comm: bluetoothd Tainted: G O 6.12.19-kernel #1\n[ ] Tainted: [O]=OOT_MODULE\n[ ] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ ] pc : __slab_free+0xf8/0x348\n[ ] lr : __slab_free+0x48/0x348\n...\n[ ] Call trace:\n[ ] __slab_free+0xf8/0x348\n[ ] kfree+0x164/0x27c\n[ ] start_service_discovery+0x1d0/0x2c0\n[ ] hci_sock_sendmsg+0x518/0x924\n[ ] __sock_sendmsg+0x54/0x60\n[ ] sock_write_iter+0x98/0xf8\n[ ] do_iter_readv_writev+0xe4/0x1c8\n[ ] vfs_writev+0x128/0x2b0\n[ ] do_writev+0xfc/0x118\n[ ] __arm64_sys_writev+0x20/0x2c\n[ ] invoke_syscall+0x68/0xf0\n[ ] el0_svc_common.constprop.0+0x40/0xe0\n[ ] do_el0_svc+0x1c/0x28\n[ ] el0_svc+0x30/0xd0\n[ ] el0t_64_sync_handler+0x100/0x12c\n[ ] el0t_64_sync+0x194/0x198\n[ ] Code: 8b0002e6 eb17031f 54fffbe1 d503201f (d4210000)\n[ ] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38593",
"url": "https://www.suse.com/security/cve/CVE-2025-38593"
},
{
"category": "external",
"summary": "SUSE Bug 1248357 for CVE-2025-38593",
"url": "https://bugzilla.suse.com/1248357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38593"
},
{
"cve": "CVE-2025-38595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38595"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: fix UAF in dmabuf_exp_from_pages()\n\n[dma_buf_fd() fixes; no preferences regarding the tree it goes through -\nup to xen folks]\n\nAs soon as we\u0027d inserted a file reference into descriptor table, another\nthread could close it. That\u0027s fine for the case when all we are doing is\nreturning that descriptor to userland (it\u0027s a race, but it\u0027s a userland\nrace and there\u0027s nothing the kernel can do about it). However, if we\nfollow fd_install() with any kind of access to objects that would be\ndestroyed on close (be it the struct file itself or anything destroyed\nby its -\u003erelease()), we have a UAF.\n\ndma_buf_fd() is a combination of reserving a descriptor and fd_install().\ngntdev dmabuf_exp_from_pages() calls it and then proceeds to access the\nobjects destroyed on close - starting with gntdev_dmabuf itself.\n\nFix that by doing reserving descriptor before anything else and do\nfd_install() only when everything had been set up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38595",
"url": "https://www.suse.com/security/cve/CVE-2025-38595"
},
{
"category": "external",
"summary": "SUSE Bug 1248380 for CVE-2025-38595",
"url": "https://bugzilla.suse.com/1248380"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38595"
},
{
"cve": "CVE-2025-38597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port\n\nEach window of a vop2 is usable by a specific set of video ports, so while\nbinding the vop2, we look through the list of available windows trying to\nfind one designated as primary-plane and usable by that specific port.\n\nThe code later wants to use drm_crtc_init_with_planes with that found\nprimary plane, but nothing has checked so far if a primary plane was\nactually found.\n\nFor whatever reason, the rk3576 vp2 does not have a usable primary window\n(if vp0 is also in use) which brought the issue to light and ended in a\nnull-pointer dereference further down.\n\nAs we expect a primary-plane to exist for a video-port, add a check at\nthe end of the window-iteration and fail probing if none was found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38597",
"url": "https://www.suse.com/security/cve/CVE-2025-38597"
},
{
"category": "external",
"summary": "SUSE Bug 1248378 for CVE-2025-38597",
"url": "https://bugzilla.suse.com/1248378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38597"
},
{
"cve": "CVE-2025-38601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: clear initialized flag for deinit-ed srng lists\n\nIn a number of cases we see kernel panics on resume due\nto ath11k kernel page fault, which happens under the\nfollowing circumstances:\n\n1) First ath11k_hal_dump_srng_stats() call\n\n Last interrupt received for each group:\n ath11k_pci 0000:01:00.0: group_id 0 22511ms before\n ath11k_pci 0000:01:00.0: group_id 1 14440788ms before\n [..]\n ath11k_pci 0000:01:00.0: failed to receive control response completion, polling..\n ath11k_pci 0000:01:00.0: Service connect timeout\n ath11k_pci 0000:01:00.0: failed to connect to HTT: -110\n ath11k_pci 0000:01:00.0: failed to start core: -110\n ath11k_pci 0000:01:00.0: firmware crashed: MHI_CB_EE_RDDM\n ath11k_pci 0000:01:00.0: already resetting count 2\n ath11k_pci 0000:01:00.0: failed to wait wlan mode request (mode 4): -110\n ath11k_pci 0000:01:00.0: qmi failed to send wlan mode off: -110\n ath11k_pci 0000:01:00.0: failed to reconfigure driver on crash recovery\n [..]\n\n2) At this point reconfiguration fails (we have 2 resets) and\n ath11k_core_reconfigure_on_crash() calls ath11k_hal_srng_deinit()\n which destroys srng lists. However, it does not reset per-list\n -\u003einitialized flag.\n\n3) Second ath11k_hal_dump_srng_stats() call sees stale -\u003einitialized\n flag and attempts to dump srng stats:\n\n Last interrupt received for each group:\n ath11k_pci 0000:01:00.0: group_id 0 66785ms before\n ath11k_pci 0000:01:00.0: group_id 1 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 2 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 3 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 4 14780845ms before\n ath11k_pci 0000:01:00.0: group_id 5 14780845ms before\n ath11k_pci 0000:01:00.0: group_id 6 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 7 66814ms before\n ath11k_pci 0000:01:00.0: group_id 8 68997ms before\n ath11k_pci 0000:01:00.0: group_id 9 67588ms before\n ath11k_pci 0000:01:00.0: group_id 10 69511ms before\n BUG: unable to handle page fault for address: ffffa007404eb010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 100000067 P4D 100000067 PUD 10022d067 PMD 100b01067 PTE 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n RIP: 0010:ath11k_hal_dump_srng_stats+0x2b4/0x3b0 [ath11k]\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0xae/0xb0\n ? page_fault_oops+0x381/0x3e0\n ? exc_page_fault+0x69/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? ath11k_hal_dump_srng_stats+0x2b4/0x3b0 [ath11k (HASH:6cea 4)]\n ath11k_qmi_driver_event_work+0xbd/0x1050 [ath11k (HASH:6cea 4)]\n worker_thread+0x389/0x930\n kthread+0x149/0x170\n\nClear per-list -\u003einitialized flag in ath11k_hal_srng_deinit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38601",
"url": "https://www.suse.com/security/cve/CVE-2025-38601"
},
{
"category": "external",
"summary": "SUSE Bug 1248340 for CVE-2025-38601",
"url": "https://bugzilla.suse.com/1248340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38601"
},
{
"cve": "CVE-2025-38602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: Add missing check for alloc_ordered_workqueue\n\nAdd check for the return value of alloc_ordered_workqueue since it may\nreturn NULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38602",
"url": "https://www.suse.com/security/cve/CVE-2025-38602"
},
{
"category": "external",
"summary": "SUSE Bug 1248341 for CVE-2025-38602",
"url": "https://bugzilla.suse.com/1248341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38602"
},
{
"cve": "CVE-2025-38604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38604"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: Kill URBs before clearing tx status queue\n\nIn rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing\nb_tx_status.queue. This change prevents callbacks from using already freed\nskb due to anchor was not killed before freeing such skb.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000080\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Not tainted 6.15.0 #8 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n RIP: 0010:ieee80211_tx_status_irqsafe+0x21/0xc0 [mac80211]\n Call Trace:\n \u003cIRQ\u003e\n rtl8187_tx_cb+0x116/0x150 [rtl8187]\n __usb_hcd_giveback_urb+0x9d/0x120\n usb_giveback_urb_bh+0xbb/0x140\n process_one_work+0x19b/0x3c0\n bh_worker+0x1a7/0x210\n tasklet_action+0x10/0x30\n handle_softirqs+0xf0/0x340\n __irq_exit_rcu+0xcd/0xf0\n common_interrupt+0x85/0xa0\n \u003c/IRQ\u003e\n\nTested on RTL8187BvE device.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38604",
"url": "https://www.suse.com/security/cve/CVE-2025-38604"
},
{
"category": "external",
"summary": "SUSE Bug 1248333 for CVE-2025-38604",
"url": "https://bugzilla.suse.com/1248333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38604"
},
{
"cve": "CVE-2025-38605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()\n\nIn ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to\nretrieve the ab pointer. In vdev delete sequence the arvif-\u003ear could\nbecome NULL and that would trigger kernel panic.\nSince the caller ath12k_dp_tx() already has a valid ab pointer, pass it\ndirectly to avoid panic and unnecessary dereferencing.\n\nPC points to \"ath12k_dp_tx+0x228/0x988 [ath12k]\"\nLR points to \"ath12k_dp_tx+0xc8/0x988 [ath12k]\".\nThe Backtrace obtained is as follows:\nath12k_dp_tx+0x228/0x988 [ath12k]\nath12k_mac_tx_check_max_limit+0x608/0x920 [ath12k]\nieee80211_process_measurement_req+0x320/0x348 [mac80211]\nieee80211_tx_dequeue+0x9ac/0x1518 [mac80211]\nieee80211_tx_dequeue+0xb14/0x1518 [mac80211]\nieee80211_tx_prepare_skb+0x224/0x254 [mac80211]\nieee80211_xmit+0xec/0x100 [mac80211]\n__ieee80211_subif_start_xmit+0xc50/0xf40 [mac80211]\nieee80211_subif_start_xmit+0x2e8/0x308 [mac80211]\nnetdev_start_xmit+0x150/0x18c\ndev_hard_start_xmit+0x74/0xc0\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38605",
"url": "https://www.suse.com/security/cve/CVE-2025-38605"
},
{
"category": "external",
"summary": "SUSE Bug 1248334 for CVE-2025-38605",
"url": "https://bugzilla.suse.com/1248334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38605"
},
{
"cve": "CVE-2025-38608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38608"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls\n\nWhen sending plaintext data, we initially calculated the corresponding\nciphertext length. However, if we later reduced the plaintext data length\nvia socket policy, we failed to recalculate the ciphertext length.\n\nThis results in transmitting buffers containing uninitialized data during\nciphertext transmission.\n\nThis causes uninitialized bytes to be appended after a complete\n\"Application Data\" packet, leading to errors on the receiving end when\nparsing TLS record.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38608",
"url": "https://www.suse.com/security/cve/CVE-2025-38608"
},
{
"category": "external",
"summary": "SUSE Bug 1248338 for CVE-2025-38608",
"url": "https://bugzilla.suse.com/1248338"
},
{
"category": "external",
"summary": "SUSE Bug 1248670 for CVE-2025-38608",
"url": "https://bugzilla.suse.com/1248670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38608"
},
{
"cve": "CVE-2025-38609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38609"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Check governor before using governor-\u003ename\n\nCommit 96ffcdf239de (\"PM / devfreq: Remove redundant governor_name from\nstruct devfreq\") removes governor_name and uses governor-\u003ename to replace\nit. But devfreq-\u003egovernor may be NULL and directly using\ndevfreq-\u003egovernor-\u003ename may cause null pointer exception. Move the check of\ngovernor to before using governor-\u003ename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38609",
"url": "https://www.suse.com/security/cve/CVE-2025-38609"
},
{
"category": "external",
"summary": "SUSE Bug 1248337 for CVE-2025-38609",
"url": "https://bugzilla.suse.com/1248337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38609"
},
{
"cve": "CVE-2025-38610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38610"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()\n\nThe get_pd_power_uw() function can crash with a NULL pointer dereference\nwhen em_cpu_get() returns NULL. This occurs when a CPU becomes impossible\nduring runtime, causing get_cpu_device() to return NULL, which propagates\nthrough em_cpu_get() and leads to a crash when em_span_cpus() dereferences\nthe NULL pointer.\n\nAdd a NULL check after em_cpu_get() and return 0 if unavailable,\nmatching the existing fallback behavior in __dtpm_cpu_setup().\n\n[ rjw: Drop an excess empty code line ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38610",
"url": "https://www.suse.com/security/cve/CVE-2025-38610"
},
{
"category": "external",
"summary": "SUSE Bug 1248395 for CVE-2025-38610",
"url": "https://bugzilla.suse.com/1248395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38610"
},
{
"cve": "CVE-2025-38612",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38612"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()\n\nIn the error paths after fb_info structure is successfully allocated,\nthe memory allocated in fb_deferred_io_init() for info-\u003epagerefs is not\nfreed. Fix that by adding the cleanup function on the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38612",
"url": "https://www.suse.com/security/cve/CVE-2025-38612"
},
{
"category": "external",
"summary": "SUSE Bug 1248390 for CVE-2025-38612",
"url": "https://bugzilla.suse.com/1248390"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38612"
},
{
"cve": "CVE-2025-38614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38614"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: Fix semi-unbounded recursion\n\nEnsure that epoll instances can never form a graph deeper than\nEP_MAX_NESTS+1 links.\n\nCurrently, ep_loop_check_proc() ensures that the graph is loop-free and\ndoes some recursion depth checks, but those recursion depth checks don\u0027t\nlimit the depth of the resulting tree for two reasons:\n\n - They don\u0027t look upwards in the tree.\n - If there are multiple downwards paths of different lengths, only one of\n the paths is actually considered for the depth check since commit\n 28d82dc1c4ed (\"epoll: limit paths\").\n\nEssentially, the current recursion depth check in ep_loop_check_proc() just\nserves to prevent it from recursing too deeply while checking for loops.\n\nA more thorough check is done in reverse_path_check() after the new graph\nedge has already been created; this checks, among other things, that no\npaths going upwards from any non-epoll file with a length of more than 5\nedges exist. However, this check does not apply to non-epoll files.\n\nAs a result, it is possible to recurse to a depth of at least roughly 500,\ntested on v6.15. (I am unsure if deeper recursion is possible; and this may\nhave changed with commit 8c44dac8add7 (\"eventpoll: Fix priority inversion\nproblem\").)\n\nTo fix it:\n\n1. In ep_loop_check_proc(), note the subtree depth of each visited node,\nand use subtree depths for the total depth calculation even when a subtree\nhas already been visited.\n2. Add ep_get_upwards_depth_proc() for similarly determining the maximum\ndepth of an upwards walk.\n3. In ep_loop_check(), use these values to limit the total path length\nbetween epoll nodes to EP_MAX_NESTS edges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38614",
"url": "https://www.suse.com/security/cve/CVE-2025-38614"
},
{
"category": "external",
"summary": "SUSE Bug 1248392 for CVE-2025-38614",
"url": "https://bugzilla.suse.com/1248392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38614"
},
{
"cve": "CVE-2025-38616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: handle data disappearing from under the TLS ULP\n\nTLS expects that it owns the receive queue of the TCP socket.\nThis cannot be guaranteed in case the reader of the TCP socket\nentered before the TLS ULP was installed, or uses some non-standard\nread API (eg. zerocopy ones). Replace the WARN_ON() and a buggy\nearly exit (which leaves anchor pointing to a freed skb) with real\nerror handling. Wipe the parsing state and tell the reader to retry.\n\nWe already reload the anchor every time we (re)acquire the socket lock,\nso the only condition we need to avoid is an out of bounds read\n(not having enough bytes in the socket for previously parsed record len).\n\nIf some data was read from under TLS but there\u0027s enough in the queue\nwe\u0027ll reload and decrypt what is most likely not a valid TLS record.\nLeading to some undefined behavior from TLS perspective (corrupting\na stream? missing an alert? missing an attack?) but no kernel crash\nshould take place.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38616",
"url": "https://www.suse.com/security/cve/CVE-2025-38616"
},
{
"category": "external",
"summary": "SUSE Bug 1248512 for CVE-2025-38616",
"url": "https://bugzilla.suse.com/1248512"
},
{
"category": "external",
"summary": "SUSE Bug 1249537 for CVE-2025-38616",
"url": "https://bugzilla.suse.com/1249537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38616"
},
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ti: j721e-csi2rx: fix list_del corruption\n\nIf ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the buffer is\nmarked done with VB2_BUF_STATE_ERROR but is not removed from the DMA queue.\nThis causes the same buffer to be retried in the next iteration, resulting\nin a double list_del() and eventual list corruption.\n\nFix this by removing the buffer from the queue before calling\nvb2_buffer_done() on error.\n\nThis resolves a crash due to list_del corruption:\n[ 37.811243] j721e-csi2rx 30102000.ticsi2rx: Failed to queue the next buffer for DMA\n[ 37.832187] slab kmalloc-2k start ffff00000255b000 pointer offset 1064 size 2048\n[ 37.839761] list_del corruption. next-\u003eprev should be ffff00000255bc28, but was ffff00000255d428. (next=ffff00000255b428)\n[ 37.850799] ------------[ cut here ]------------\n[ 37.855424] kernel BUG at lib/list_debug.c:65!\n[ 37.859876] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 37.866061] Modules linked in: i2c_dev usb_f_rndis u_ether libcomposite dwc3 udc_core usb_common aes_ce_blk aes_ce_cipher ghash_ce gf128mul sha1_ce cpufreq_dt dwc3_am62 phy_gmii_sel sa2ul\n[ 37.882830] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc3+ #28 VOLUNTARY\n[ 37.890851] Hardware name: Bosch STLA-GSRV2-B0 (DT)\n[ 37.895737] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 37.902703] pc : __list_del_entry_valid_or_report+0xdc/0x114\n[ 37.908390] lr : __list_del_entry_valid_or_report+0xdc/0x114\n[ 37.914059] sp : ffff800080003db0\n[ 37.917375] x29: ffff800080003db0 x28: 0000000000000007 x27: ffff800080e50000\n[ 37.924521] x26: 0000000000000000 x25: ffff0000016abb50 x24: dead000000000122\n[ 37.931666] x23: ffff0000016abb78 x22: ffff0000016ab080 x21: ffff800080003de0\n[ 37.938810] x20: ffff00000255bc00 x19: ffff00000255b800 x18: 000000000000000a\n[ 37.945956] x17: 20747562202c3832 x16: 6362353532303030 x15: 0720072007200720\n[ 37.953101] x14: 0720072007200720 x13: 0720072007200720 x12: 00000000ffffffea\n[ 37.960248] x11: ffff800080003b18 x10: 00000000ffffefff x9 : ffff800080f5b568\n[ 37.967396] x8 : ffff800080f5b5c0 x7 : 0000000000017fe8 x6 : c0000000ffffefff\n[ 37.974542] x5 : ffff00000fea6688 x4 : 0000000000000000 x3 : 0000000000000000\n[ 37.981686] x2 : 0000000000000000 x1 : ffff800080ef2b40 x0 : 000000000000006d\n[ 37.988832] Call trace:\n[ 37.991281] __list_del_entry_valid_or_report+0xdc/0x114 (P)\n[ 37.996959] ti_csi2rx_dma_callback+0x84/0x1c4\n[ 38.001419] udma_vchan_complete+0x1e0/0x344\n[ 38.005705] tasklet_action_common+0x118/0x310\n[ 38.010163] tasklet_action+0x30/0x3c\n[ 38.013832] handle_softirqs+0x10c/0x2e0\n[ 38.017761] __do_softirq+0x14/0x20\n[ 38.021256] ____do_softirq+0x10/0x20\n[ 38.024931] call_on_irq_stack+0x24/0x60\n[ 38.028873] do_softirq_own_stack+0x1c/0x40\n[ 38.033064] __irq_exit_rcu+0x130/0x15c\n[ 38.036909] irq_exit_rcu+0x10/0x20\n[ 38.040403] el1_interrupt+0x38/0x60\n[ 38.043987] el1h_64_irq_handler+0x18/0x24\n[ 38.048091] el1h_64_irq+0x6c/0x70\n[ 38.051501] default_idle_call+0x34/0xe0 (P)\n[ 38.055783] do_idle+0x1f8/0x250\n[ 38.059021] cpu_startup_entry+0x34/0x3c\n[ 38.062951] rest_init+0xb4/0xc0\n[ 38.066186] console_on_rootfs+0x0/0x6c\n[ 38.070031] __primary_switched+0x88/0x90\n[ 38.074059] Code: b00037e0 91378000 f9400462 97e9bf49 (d4210000)\n[ 38.080168] ---[ end trace 0000000000000000 ]---\n[ 38.084795] Kernel panic - not syncing: Oops - BUG: Fatal exception in interrupt\n[ 38.092197] SMP: stopping secondary CPUs\n[ 38.096139] Kernel Offset: disabled\n[ 38.099631] CPU features: 0x0000,00002000,02000801,0400420b\n[ 38.105202] Memory Limit: none\n[ 38.108260] ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception in interrupt ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38619",
"url": "https://www.suse.com/security/cve/CVE-2025-38619"
},
{
"category": "external",
"summary": "SUSE Bug 1248664 for CVE-2025-38619",
"url": "https://bugzilla.suse.com/1248664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38619"
},
{
"cve": "CVE-2025-38621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: make rdev_addable usable for rcu mode\n\nOur testcase trigger panic:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000e0\n...\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ #94\nPREEMPT(none)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nWorkqueue: md_misc md_start_sync\nRIP: 0010:rdev_addable+0x4d/0xf0\n...\nCall Trace:\n \u003cTASK\u003e\n md_start_sync+0x329/0x480\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x14d/0x180\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nModules linked in: raid10\nCR2: 00000000000000e0\n---[ end trace 0000000000000000 ]---\nRIP: 0010:rdev_addable+0x4d/0xf0\n\nmd_spares_need_change in md_start_sync will call rdev_addable which\nprotected by rcu_read_lock/rcu_read_unlock. This rcu context will help\nprotect rdev won\u0027t be released, but rdev-\u003emddev will be set to NULL\nbefore we call synchronize_rcu in md_kick_rdev_from_array. Fix this by\nusing READ_ONCE and check does rdev-\u003emddev still alive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38621",
"url": "https://www.suse.com/security/cve/CVE-2025-38621"
},
{
"category": "external",
"summary": "SUSE Bug 1248609 for CVE-2025-38621",
"url": "https://bugzilla.suse.com/1248609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38621"
},
{
"cve": "CVE-2025-38622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: drop UFO packets in udp_rcv_segment()\n\nWhen sending a packet with virtio_net_hdr to tun device, if the gso_type\nin virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdr\nsize, below crash may happen.\n\n ------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:4572!\n Oops: invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 0 UID: 0 PID: 62 Comm: mytest Not tainted 6.16.0-rc7 #203 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:skb_pull_rcsum+0x8e/0xa0\n Code: 00 00 5b c3 cc cc cc cc 8b 93 88 00 00 00 f7 da e8 37 44 38 00 f7 d8 89 83 88 00 00 00 48 8b 83 c8 00 00 00 5b c3 cc cc cc cc \u003c0f\u003e 0b 0f 0b 66 66 2e 0f 1f 84 00 000\n RSP: 0018:ffffc900001fba38 EFLAGS: 00000297\n RAX: 0000000000000004 RBX: ffff8880040c1000 RCX: ffffc900001fb948\n RDX: ffff888003e6d700 RSI: 0000000000000008 RDI: ffff88800411a062\n RBP: ffff8880040c1000 R08: 0000000000000000 R09: 0000000000000001\n R10: ffff888003606c00 R11: 0000000000000001 R12: 0000000000000000\n R13: ffff888004060900 R14: ffff888004050000 R15: ffff888004060900\n FS: 000000002406d3c0(0000) GS:ffff888084a19000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020000040 CR3: 0000000004007000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n udp_queue_rcv_one_skb+0x176/0x4b0 net/ipv4/udp.c:2445\n udp_queue_rcv_skb+0x155/0x1f0 net/ipv4/udp.c:2475\n udp_unicast_rcv_skb+0x71/0x90 net/ipv4/udp.c:2626\n __udp4_lib_rcv+0x433/0xb00 net/ipv4/udp.c:2690\n ip_protocol_deliver_rcu+0xa6/0x160 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x72/0x90 net/ipv4/ip_input.c:233\n ip_sublist_rcv_finish+0x5f/0x70 net/ipv4/ip_input.c:579\n ip_sublist_rcv+0x122/0x1b0 net/ipv4/ip_input.c:636\n ip_list_rcv+0xf7/0x130 net/ipv4/ip_input.c:670\n __netif_receive_skb_list_core+0x21d/0x240 net/core/dev.c:6067\n netif_receive_skb_list_internal+0x186/0x2b0 net/core/dev.c:6210\n napi_complete_done+0x78/0x180 net/core/dev.c:6580\n tun_get_user+0xa63/0x1120 drivers/net/tun.c:1909\n tun_chr_write_iter+0x65/0xb0 drivers/net/tun.c:1984\n vfs_write+0x300/0x420 fs/read_write.c:593\n ksys_write+0x60/0xd0 fs/read_write.c:686\n do_syscall_64+0x50/0x1c0 arch/x86/entry/syscall_64.c:63\n \u003c/TASK\u003e\n\nTo trigger gso segment in udp_queue_rcv_skb(), we should also set option\nUDP_ENCAP_ESPINUDP to enable udp_sk(sk)-\u003eencap_rcv. When the encap_rcv\nhook return 1 in udp_queue_rcv_one_skb(), udp_csum_pull_header() will try\nto pull udphdr, but the skb size has been segmented to gso size, which\nleads to this crash.\n\nPrevious commit cf329aa42b66 (\"udp: cope with UDP GRO packet misdirection\")\nintroduces segmentation in UDP receive path only for GRO, which was never\nintended to be used for UFO, so drop UFO packets in udp_rcv_segment().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38622",
"url": "https://www.suse.com/security/cve/CVE-2025-38622"
},
{
"category": "external",
"summary": "SUSE Bug 1248619 for CVE-2025-38622",
"url": "https://bugzilla.suse.com/1248619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38622"
},
{
"cve": "CVE-2025-38623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38623"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pnv_php: Fix surprise plug detection and recovery\n\nThe existing PowerNV hotplug code did not handle surprise plug events\ncorrectly, leading to a complete failure of the hotplug system after device\nremoval and a required reboot to detect new devices.\n\nThis comes down to two issues:\n\n 1) When a device is surprise removed, often the bridge upstream\n port will cause a PE freeze on the PHB. If this freeze is not\n cleared, the MSI interrupts from the bridge hotplug notification\n logic will not be received by the kernel, stalling all plug events\n on all slots associated with the PE.\n\n 2) When a device is removed from a slot, regardless of surprise or\n programmatic removal, the associated PHB/PE ls left frozen.\n If this freeze is not cleared via a fundamental reset, skiboot\n is unable to clear the freeze and cannot retrain / rescan the\n slot. This also requires a reboot to clear the freeze and redetect\n the device in the slot.\n\nIssue the appropriate unfreeze and rescan commands on hotplug events,\nand don\u0027t oops on hotplug if pci_bus_to_OF_node() returns NULL.\n\n[bhelgaas: tidy comments]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38623",
"url": "https://www.suse.com/security/cve/CVE-2025-38623"
},
{
"category": "external",
"summary": "SUSE Bug 1248610 for CVE-2025-38623",
"url": "https://bugzilla.suse.com/1248610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-38623"
},
{
"cve": "CVE-2025-38624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38624"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pnv_php: Clean up allocated IRQs on unplug\n\nWhen the root of a nested PCIe bridge configuration is unplugged, the\npnv_php driver leaked the allocated IRQ resources for the child bridges\u0027\nhotplug event notifications, resulting in a panic.\n\nFix this by walking all child buses and deallocating all its IRQ resources\nbefore calling pci_hp_remove_devices().\n\nAlso modify the lifetime of the workqueue at struct pnv_php_slot::wq so\nthat it is only destroyed in pnv_php_free_slot(), instead of\npnv_php_disable_irq(). This is required since pnv_php_disable_irq() will\nnow be called by workers triggered by hot unplug interrupts, so the\nworkqueue needs to stay allocated.\n\nThe abridged kernel panic that occurs without this patch is as follows:\n\n WARNING: CPU: 0 PID: 687 at kernel/irq/msi.c:292 msi_device_data_release+0x6c/0x9c\n CPU: 0 UID: 0 PID: 687 Comm: bash Not tainted 6.14.0-rc5+ #2\n Call Trace:\n msi_device_data_release+0x34/0x9c (unreliable)\n release_nodes+0x64/0x13c\n devres_release_all+0xc0/0x140\n device_del+0x2d4/0x46c\n pci_destroy_dev+0x5c/0x194\n pci_hp_remove_devices+0x90/0x128\n pci_hp_remove_devices+0x44/0x128\n pnv_php_disable_slot+0x54/0xd4\n power_write_file+0xf8/0x18c\n pci_slot_attr_store+0x40/0x5c\n sysfs_kf_write+0x64/0x78\n kernfs_fop_write_iter+0x1b0/0x290\n vfs_write+0x3bc/0x50c\n ksys_write+0x84/0x140\n system_call_exception+0x124/0x230\n system_call_vectored_common+0x15c/0x2ec\n\n[bhelgaas: tidy comments]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38624",
"url": "https://www.suse.com/security/cve/CVE-2025-38624"
},
{
"category": "external",
"summary": "SUSE Bug 1248617 for CVE-2025-38624",
"url": "https://bugzilla.suse.com/1248617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38624"
},
{
"cve": "CVE-2025-38628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38628"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: Fix release of uninitialized resources on error path\n\nThe commit in the fixes tag made sure that mlx5_vdpa_free()\nis the single entrypoint for removing the vdpa device resources\nadded in mlx5_vdpa_dev_add(), even in the cleanup path of\nmlx5_vdpa_dev_add().\n\nThis means that all functions from mlx5_vdpa_free() should be able to\nhandle uninitialized resources. This was not the case though:\nmlx5_vdpa_destroy_mr_resources() and mlx5_cmd_cleanup_async_ctx()\nwere not able to do so. This caused the splat below when adding\na vdpa device without a MAC address.\n\nThis patch fixes these remaining issues:\n\n- Makes mlx5_vdpa_destroy_mr_resources() return early if called on\n uninitialized resources.\n\n- Moves mlx5_cmd_init_async_ctx() early on during device addition\n because it can\u0027t fail. This means that mlx5_cmd_cleanup_async_ctx()\n also can\u0027t fail. To mirror this, move the call site of\n mlx5_cmd_cleanup_async_ctx() in mlx5_vdpa_free().\n\nAn additional comment was added in mlx5_vdpa_free() to document\nthe expectations of functions called from this context.\n\nSplat:\n\n mlx5_core 0000:b5:03.2: mlx5_vdpa_dev_add:3950:(pid 2306) warning: No mac address provisioned?\n ------------[ cut here ]------------\n WARNING: CPU: 13 PID: 2306 at kernel/workqueue.c:4207 __flush_work+0x9a/0xb0\n [...]\n Call Trace:\n \u003cTASK\u003e\n ? __try_to_del_timer_sync+0x61/0x90\n ? __timer_delete_sync+0x2b/0x40\n mlx5_vdpa_destroy_mr_resources+0x1c/0x40 [mlx5_vdpa]\n mlx5_vdpa_free+0x45/0x160 [mlx5_vdpa]\n vdpa_release_dev+0x1e/0x50 [vdpa]\n device_release+0x31/0x90\n kobject_cleanup+0x37/0x130\n mlx5_vdpa_dev_add+0x327/0x890 [mlx5_vdpa]\n vdpa_nl_cmd_dev_add_set_doit+0x2c1/0x4d0 [vdpa]\n genl_family_rcv_msg_doit+0xd8/0x130\n genl_family_rcv_msg+0x14b/0x220\n ? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa]\n genl_rcv_msg+0x47/0xa0\n ? __pfx_genl_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x53/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x27b/0x3b0\n netlink_sendmsg+0x1f7/0x430\n __sys_sendto+0x1fa/0x210\n ? ___pte_offset_map+0x17/0x160\n ? next_uptodate_folio+0x85/0x2b0\n ? percpu_counter_add_batch+0x51/0x90\n ? filemap_map_pages+0x515/0x660\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x7b/0x2c0\n ? do_read_fault+0x108/0x220\n ? do_pte_missing+0x14a/0x3e0\n ? __handle_mm_fault+0x321/0x730\n ? count_memcg_events+0x13f/0x180\n ? handle_mm_fault+0x1fb/0x2d0\n ? do_user_addr_fault+0x20c/0x700\n ? syscall_exit_work+0x104/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f0c25b0feca\n [...]\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38628",
"url": "https://www.suse.com/security/cve/CVE-2025-38628"
},
{
"category": "external",
"summary": "SUSE Bug 1248616 for CVE-2025-38628",
"url": "https://bugzilla.suse.com/1248616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38628"
},
{
"cve": "CVE-2025-38630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38630"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref\n\nfb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot\nallocate a struct fb_modelist. If that happens, the modelist stays empty but\nthe driver continues to register. Add a check for its return value to prevent\npoteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 (\"fbdev:\nFix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38630",
"url": "https://www.suse.com/security/cve/CVE-2025-38630"
},
{
"category": "external",
"summary": "SUSE Bug 1248575 for CVE-2025-38630",
"url": "https://bugzilla.suse.com/1248575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38630"
},
{
"cve": "CVE-2025-38631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx95-blk-ctl: Fix synchronous abort\n\nWhen enabling runtime PM for clock suppliers that also belong to a power\ndomain, the following crash is thrown:\nerror: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\nWorkqueue: events_unbound deferred_probe_work_func\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : clk_mux_get_parent+0x60/0x90\nlr : clk_core_reparent_orphans_nolock+0x58/0xd8\n Call trace:\n clk_mux_get_parent+0x60/0x90\n clk_core_reparent_orphans_nolock+0x58/0xd8\n of_clk_add_hw_provider.part.0+0x90/0x100\n of_clk_add_hw_provider+0x1c/0x38\n imx95_bc_probe+0x2e0/0x3f0\n platform_probe+0x70/0xd8\n\nEnabling runtime PM without explicitly resuming the device caused\nthe power domain cut off after clk_register() is called. As a result,\na crash happens when the clock hardware provider is added and attempts\nto access the BLK_CTL register.\n\nFix this by using devm_pm_runtime_enable() instead of pm_runtime_enable()\nand getting rid of the pm_runtime_disable() in the cleanup path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38631",
"url": "https://www.suse.com/security/cve/CVE-2025-38631"
},
{
"category": "external",
"summary": "SUSE Bug 1248662 for CVE-2025-38631",
"url": "https://bugzilla.suse.com/1248662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38631"
},
{
"cve": "CVE-2025-38632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinmux: fix race causing mux_owner NULL with active mux_usecount\n\ncommit 5a3e85c3c397 (\"pinmux: Use sequential access to access\ndesc-\u003epinmux data\") tried to address the issue when two client of the\nsame gpio calls pinctrl_select_state() for the same functionality, was\nresulting in NULL pointer issue while accessing desc-\u003emux_owner.\nHowever, issue was not completely fixed due to the way it was handled\nand it can still result in the same NULL pointer.\n\nThe issue occurs due to the following interleaving:\n\n cpu0 (process A) cpu1 (process B)\n\n pin_request() { pin_free() {\n\n mutex_lock()\n desc-\u003emux_usecount--; //becomes 0\n ..\n mutex_unlock()\n\n mutex_lock(desc-\u003emux)\n desc-\u003emux_usecount++; // becomes 1\n desc-\u003emux_owner = owner;\n mutex_unlock(desc-\u003emux)\n\n mutex_lock(desc-\u003emux)\n desc-\u003emux_owner = NULL;\n mutex_unlock(desc-\u003emux)\n\nThis sequence leads to a state where the pin appears to be in use\n(`mux_usecount == 1`) but has no owner (`mux_owner == NULL`), which can\ncause NULL pointer on next pin_request on the same pin.\n\nEnsure that updates to mux_usecount and mux_owner are performed\natomically under the same lock. Only clear mux_owner when mux_usecount\nreaches zero and no new owner has been assigned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38632",
"url": "https://www.suse.com/security/cve/CVE-2025-38632"
},
{
"category": "external",
"summary": "SUSE Bug 1248669 for CVE-2025-38632",
"url": "https://bugzilla.suse.com/1248669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38632"
},
{
"cve": "CVE-2025-38634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: cpcap-charger: Fix null check for power_supply_get_by_name\n\nIn the cpcap_usb_detect() function, the power_supply_get_by_name()\nfunction may return `NULL` instead of an error pointer.\nTo prevent potential null pointer dereferences, Added a null check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38634",
"url": "https://www.suse.com/security/cve/CVE-2025-38634"
},
{
"category": "external",
"summary": "SUSE Bug 1248666 for CVE-2025-38634",
"url": "https://bugzilla.suse.com/1248666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38634"
},
{
"cve": "CVE-2025-38635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: davinci: Add NULL check in davinci_lpsc_clk_register()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\ndavinci_lpsc_clk_register() does not check for this case, which results\nin a NULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue and ensuring\nno resources are left allocated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38635",
"url": "https://www.suse.com/security/cve/CVE-2025-38635"
},
{
"category": "external",
"summary": "SUSE Bug 1248573 for CVE-2025-38635",
"url": "https://bugzilla.suse.com/1248573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38635"
},
{
"cve": "CVE-2025-38639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_nfacct: don\u0027t assume acct name is null-terminated\n\nBUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721\nRead of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851\n[..]\n string+0x231/0x2b0 lib/vsprintf.c:721\n vsnprintf+0x739/0xf00 lib/vsprintf.c:2874\n [..]\n nfacct_mt_checkentry+0xd2/0xe0 net/netfilter/xt_nfacct.c:41\n xt_check_match+0x3d1/0xab0 net/netfilter/x_tables.c:523\n\nnfnl_acct_find_get() handles non-null input, but the error\nprintk relied on its presence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38639",
"url": "https://www.suse.com/security/cve/CVE-2025-38639"
},
{
"category": "external",
"summary": "SUSE Bug 1248674 for CVE-2025-38639",
"url": "https://bugzilla.suse.com/1248674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38639"
},
{
"cve": "CVE-2025-38640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Disable migration in nf_hook_run_bpf().\n\nsyzbot reported that the netfilter bpf prog can be called without\nmigration disabled in xmit path.\n\nThen the assertion in __bpf_prog_run() fails, triggering the splat\nbelow. [0]\n\nLet\u0027s use bpf_prog_run_pin_on_cpu() in nf_hook_run_bpf().\n\n[0]:\nBUG: assuming non migratable context at ./include/linux/filter.h:703\nin_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 5829, name: sshd-session\n3 locks held by sshd-session/5829:\n #0: ffff88807b4e4218 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]\n #0: ffff88807b4e4218 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x20/0x50 net/ipv4/tcp.c:1395\n #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]\n #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]\n #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: __ip_queue_xmit+0x69/0x26c0 net/ipv4/ip_output.c:470\n #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]\n #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]\n #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: nf_hook+0xb2/0x680 include/linux/netfilter.h:241\nCPU: 0 UID: 0 PID: 5829 Comm: sshd-session Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120\n __cant_migrate kernel/sched/core.c:8860 [inline]\n __cant_migrate+0x1c7/0x250 kernel/sched/core.c:8834\n __bpf_prog_run include/linux/filter.h:703 [inline]\n bpf_prog_run include/linux/filter.h:725 [inline]\n nf_hook_run_bpf+0x83/0x1e0 net/netfilter/nf_bpf_link.c:20\n nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:623\n nf_hook+0x370/0x680 include/linux/netfilter.h:272\n NF_HOOK_COND include/linux/netfilter.h:305 [inline]\n ip_output+0x1bc/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:459 [inline]\n ip_local_out net/ipv4/ip_output.c:129 [inline]\n __ip_queue_xmit+0x1d7d/0x26c0 net/ipv4/ip_output.c:527\n __tcp_transmit_skb+0x2686/0x3e90 net/ipv4/tcp_output.c:1479\n tcp_transmit_skb net/ipv4/tcp_output.c:1497 [inline]\n tcp_write_xmit+0x1274/0x84e0 net/ipv4/tcp_output.c:2838\n __tcp_push_pending_frames+0xaf/0x390 net/ipv4/tcp_output.c:3021\n tcp_push+0x225/0x700 net/ipv4/tcp.c:759\n tcp_sendmsg_locked+0x1870/0x42b0 net/ipv4/tcp.c:1359\n tcp_sendmsg+0x2e/0x50 net/ipv4/tcp.c:1396\n inet_sendmsg+0xb9/0x140 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x4aa/0x5b0 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x6c7/0x1150 fs/read_write.c:686\n ksys_write+0x1f8/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe7d365d407\nCode: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\nRSP:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38640",
"url": "https://www.suse.com/security/cve/CVE-2025-38640"
},
{
"category": "external",
"summary": "SUSE Bug 1248622 for CVE-2025-38640",
"url": "https://bugzilla.suse.com/1248622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38640"
},
{
"cve": "CVE-2025-38643",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38643"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()\n\nCallers of wdev_chandef() must hold the wiphy mutex.\n\nBut the worker cfg80211_propagate_cac_done_wk() never takes the lock.\nWhich triggers the warning below with the mesh_peer_connected_dfs\ntest from hostapd and not (yet) released mac80211 code changes:\n\nWARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdev_chandef+0x60/0x165\nModules linked in:\nCPU: 0 UID: 0 PID: 495 Comm: kworker/u4:2 Not tainted 6.14.0-rc5-wt-g03960e6f9d47 #33 13c287eeabfe1efea01c0bcc863723ab082e17cf\nWorkqueue: cfg80211 cfg80211_propagate_cac_done_wk\nStack:\n 00000000 00000001 ffffff00 6093267c\n 00000000 6002ec30 6d577c50 60037608\n 00000000 67e8d108 6063717b 00000000\nCall Trace:\n [\u003c6002ec30\u003e] ? _printk+0x0/0x98\n [\u003c6003c2b3\u003e] show_stack+0x10e/0x11a\n [\u003c6002ec30\u003e] ? _printk+0x0/0x98\n [\u003c60037608\u003e] dump_stack_lvl+0x71/0xb8\n [\u003c6063717b\u003e] ? wdev_chandef+0x60/0x165\n [\u003c6003766d\u003e] dump_stack+0x1e/0x20\n [\u003c6005d1b7\u003e] __warn+0x101/0x20f\n [\u003c6005d3a8\u003e] warn_slowpath_fmt+0xe3/0x15d\n [\u003c600b0c5c\u003e] ? mark_lock.part.0+0x0/0x4ec\n [\u003c60751191\u003e] ? __this_cpu_preempt_check+0x0/0x16\n [\u003c600b11a2\u003e] ? mark_held_locks+0x5a/0x6e\n [\u003c6005d2c5\u003e] ? warn_slowpath_fmt+0x0/0x15d\n [\u003c60052e53\u003e] ? unblock_signals+0x3a/0xe7\n [\u003c60052f2d\u003e] ? um_set_signals+0x2d/0x43\n [\u003c60751191\u003e] ? __this_cpu_preempt_check+0x0/0x16\n [\u003c607508b2\u003e] ? lock_is_held_type+0x207/0x21f\n [\u003c6063717b\u003e] wdev_chandef+0x60/0x165\n [\u003c605f89b4\u003e] regulatory_propagate_dfs_state+0x247/0x43f\n [\u003c60052f00\u003e] ? um_set_signals+0x0/0x43\n [\u003c605e6bfd\u003e] cfg80211_propagate_cac_done_wk+0x3a/0x4a\n [\u003c6007e460\u003e] process_scheduled_works+0x3bc/0x60e\n [\u003c6007d0ec\u003e] ? move_linked_works+0x4d/0x81\n [\u003c6007d120\u003e] ? assign_work+0x0/0xaa\n [\u003c6007f81f\u003e] worker_thread+0x220/0x2dc\n [\u003c600786ef\u003e] ? set_pf_worker+0x0/0x57\n [\u003c60087c96\u003e] ? to_kthread+0x0/0x43\n [\u003c6008ab3c\u003e] kthread+0x2d3/0x2e2\n [\u003c6007f5ff\u003e] ? worker_thread+0x0/0x2dc\n [\u003c6006c05b\u003e] ? calculate_sigpending+0x0/0x56\n [\u003c6003b37d\u003e] new_thread_handler+0x4a/0x64\nirq event stamp: 614611\nhardirqs last enabled at (614621): [\u003c00000000600bc96b\u003e] __up_console_sem+0x82/0xaf\nhardirqs last disabled at (614630): [\u003c00000000600bc92c\u003e] __up_console_sem+0x43/0xaf\nsoftirqs last enabled at (614268): [\u003c00000000606c55c6\u003e] __ieee80211_wake_queue+0x933/0x985\nsoftirqs last disabled at (614266): [\u003c00000000606c52d6\u003e] __ieee80211_wake_queue+0x643/0x985",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38643",
"url": "https://www.suse.com/security/cve/CVE-2025-38643"
},
{
"category": "external",
"summary": "SUSE Bug 1248681 for CVE-2025-38643",
"url": "https://bugzilla.suse.com/1248681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38643"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band\n\nWith a quite rare chance, RX report might be problematic to make SW think\na packet is received on 6 GHz band even if the chip does not support 6 GHz\nband actually. Since SW won\u0027t initialize stuffs for unsupported bands, NULL\ndereference will happen then in the sequence, rtw89_vif_rx_stats_iter() -\u003e\nrtw89_core_cancel_6ghz_probe_tx(). So, add a check to avoid it.\n\nThe following is a crash log for this case.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000032\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 1907 Comm: irq/131-rtw89_p Tainted: G U 6.6.56-05896-g89f5fb0eb30b #1 (HASH:1400 4)\n Hardware name: Google Telith/Telith, BIOS Google_Telith.15217.747.0 11/12/2024\n RIP: 0010:rtw89_vif_rx_stats_iter+0xd2/0x310 [rtw89_core]\n Code: 4c 89 7d c8 48 89 55 c0 49 8d 44 24 02 48 89 45 b8 45 31 ff eb 11\n 41 c6 45 3a 01 41 b7 01 4d 8b 6d 00 4d 39 f5 74 42 8b 43 10 \u003c41\u003e 33 45\n 32 0f b7 4b 14 66 41 33 4d 36 0f b7 c9 09 c1 74 d8 4d 85\n RSP: 0018:ffff9f3080138ca0 EFLAGS: 00010246\n RAX: 00000000b8bf5770 RBX: ffff91b5e8c639c0 RCX: 0000000000000011\n RDX: ffff91b582de1be8 RSI: 0000000000000000 RDI: ffff91b5e8c639e6\n RBP: ffff9f3080138d00 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff91b59de70000 R11: ffffffffc069be50 R12: ffff91b5e8c639e4\n R13: 0000000000000000 R14: ffff91b5828020b8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff91b8efa40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000032 CR3: 00000002bf838000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_rtw89_vif_rx_stats_iter+0x10/0x10 [rtw89_core (HASH:1400 5)]\n ? rtw89_vif_rx_stats_iter+0xd2/0x310 [rtw89_core (HASH:1400 5)]\n __iterate_interfaces+0x59/0x110 [mac80211 (HASH:1400 6)]\n ? __pfx_rtw89_vif_rx_stats_iter+0x10/0x10 [rtw89_core (HASH:1400 5)]\n ? __pfx_rtw89_vif_rx_stats_iter+0x10/0x10 [rtw89_core (HASH:1400 5)]\n ieee80211_iterate_active_interfaces_atomic+0x36/0x50 [mac80211 (HASH:1400 6)]\n rtw89_core_rx_to_mac80211+0xfd/0x1b0 [rtw89_core (HASH:1400 5)]\n rtw89_core_rx+0x43a/0x980 [rtw89_core (HASH:1400 5)]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38646",
"url": "https://www.suse.com/security/cve/CVE-2025-38646"
},
{
"category": "external",
"summary": "SUSE Bug 1248577 for CVE-2025-38646",
"url": "https://bugzilla.suse.com/1248577"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38646"
},
{
"cve": "CVE-2025-38648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: stm32: Check for cfg availability in stm32_spi_probe\n\nThe stm32_spi_probe function now includes a check to ensure that the\npointer returned by of_device_get_match_data is not NULL before\naccessing its members. This resolves a warning where a potential NULL\npointer dereference could occur when accessing cfg-\u003ehas_device_mode.\n\nBefore accessing the \u0027has_device_mode\u0027 member, we verify that \u0027cfg\u0027 is\nnot NULL. If \u0027cfg\u0027 is NULL, an error message is logged.\n\nThis change ensures that the driver does not attempt to access\nconfiguration data if it is not available, thus preventing a potential\nsystem crash due to a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38648",
"url": "https://www.suse.com/security/cve/CVE-2025-38648"
},
{
"category": "external",
"summary": "SUSE Bug 1248624 for CVE-2025-38648",
"url": "https://bugzilla.suse.com/1248624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38648"
},
{
"cve": "CVE-2025-38656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()\n\nPreserve the error code if iwl_setup_deferred_work() fails. The current\ncode returns ERR_PTR(0) (which is NULL) on this path. I believe the\nmissing error code potentially leads to a use after free involving\ndebugfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38656",
"url": "https://www.suse.com/security/cve/CVE-2025-38656"
},
{
"category": "external",
"summary": "SUSE Bug 1248643 for CVE-2025-38656",
"url": "https://bugzilla.suse.com/1248643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38656"
},
{
"cve": "CVE-2025-38658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails\n\nHave nvmet_req_init() and req-\u003eexecute() complete failed commands.\n\nDescription of the problem:\nnvmet_req_init() calls __nvmet_req_complete() internally upon failure,\ne.g., unsupported opcode, which calls the \"queue_response\" callback,\nthis results in nvmet_pci_epf_queue_response() being called, which will\ncall nvmet_pci_epf_complete_iod() if data_len is 0 or if dma_dir is\ndifferent from DMA_TO_DEVICE. This results in a double completion as\nnvmet_pci_epf_exec_iod_work() also calls nvmet_pci_epf_complete_iod()\nwhen nvmet_req_init() fails.\n\nSteps to reproduce:\nOn the host send a command with an unsupported opcode with nvme-cli,\nFor example the admin command \"security receive\"\n$ sudo nvme security-recv /dev/nvme0n1 -n1 -x4096\n\nThis triggers a double completion as nvmet_req_init() fails and\nnvmet_pci_epf_queue_response() is called, here iod-\u003edma_dir is still\nin the default state of \"DMA_NONE\" as set by default in\nnvmet_pci_epf_alloc_iod(), so nvmet_pci_epf_complete_iod() is called.\nBecause nvmet_req_init() failed nvmet_pci_epf_complete_iod() is also\ncalled in nvmet_pci_epf_exec_iod_work() leading to a double completion.\nThis not only sends two completions to the host but also corrupts the\nstate of the PCI NVMe target leading to kernel oops.\n\nThis patch lets nvmet_req_init() and req-\u003eexecute() complete all failed\ncommands, and removes the double completion case in\nnvmet_pci_epf_exec_iod_work() therefore fixing the edge cases where\ndouble completions occurred.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38658",
"url": "https://www.suse.com/security/cve/CVE-2025-38658"
},
{
"category": "external",
"summary": "SUSE Bug 1248627 for CVE-2025-38658",
"url": "https://bugzilla.suse.com/1248627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38658"
},
{
"cve": "CVE-2025-38659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: No more self recovery\n\nWhen a node withdraws and it turns out that it is the only node that has\nthe filesystem mounted, gfs2 currently tries to replay the local journal\nto bring the filesystem back into a consistent state. Not only is that\na very bad idea, it has also never worked because gfs2_recover_func()\nwill refuse to do anything during a withdraw.\n\nHowever, before even getting to this point, gfs2_recover_func()\ndereferences sdp-\u003esd_jdesc-\u003ejd_inode. This was a use-after-free before\ncommit 04133b607a78 (\"gfs2: Prevent double iput for journal on error\")\nand is a NULL pointer dereference since then.\n\nSimply get rid of self recovery to fix that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38659",
"url": "https://www.suse.com/security/cve/CVE-2025-38659"
},
{
"category": "external",
"summary": "SUSE Bug 1248639 for CVE-2025-38659",
"url": "https://bugzilla.suse.com/1248639"
},
{
"category": "external",
"summary": "SUSE Bug 1248759 for CVE-2025-38659",
"url": "https://bugzilla.suse.com/1248759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38659"
},
{
"cve": "CVE-2025-38660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n[ceph] parse_longname(): strrchr() expects NUL-terminated string\n\n... and parse_longname() is not guaranteed that. That\u0027s the reason\nwhy it uses kmemdup_nul() to build the argument for kstrtou64();\nthe problem is, kstrtou64() is not the only thing that need it.\n\nJust get a NUL-terminated copy of the entire thing and be done\nwith that...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38660",
"url": "https://www.suse.com/security/cve/CVE-2025-38660"
},
{
"category": "external",
"summary": "SUSE Bug 1248634 for CVE-2025-38660",
"url": "https://bugzilla.suse.com/1248634"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38660"
},
{
"cve": "CVE-2025-38662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv\n\nGiven mt8365_dai_set_priv allocate priv_size space to copy priv_data which\nmeans we should pass mt8365_i2s_priv[i] or \"struct mtk_afe_i2s_priv\"\ninstead of afe_priv which has the size of \"struct mt8365_afe_private\".\n\nOtherwise the KASAN complains about.\n\n[ 59.389765] BUG: KASAN: global-out-of-bounds in mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm]\n...\n[ 59.394789] Call trace:\n[ 59.395167] dump_backtrace+0xa0/0x128\n[ 59.395733] show_stack+0x20/0x38\n[ 59.396238] dump_stack_lvl+0xe8/0x148\n[ 59.396806] print_report+0x37c/0x5e0\n[ 59.397358] kasan_report+0xac/0xf8\n[ 59.397885] kasan_check_range+0xe8/0x190\n[ 59.398485] asan_memcpy+0x3c/0x98\n[ 59.399022] mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm]\n[ 59.399928] mt8365_dai_i2s_register+0x1e8/0x2b0 [snd_soc_mt8365_pcm]\n[ 59.400893] mt8365_afe_pcm_dev_probe+0x4d0/0xdf0 [snd_soc_mt8365_pcm]\n[ 59.401873] platform_probe+0xcc/0x228\n[ 59.402442] really_probe+0x340/0x9e8\n[ 59.402992] driver_probe_device+0x16c/0x3f8\n[ 59.403638] driver_probe_device+0x64/0x1d8\n[ 59.404256] driver_attach+0x1dc/0x4c8\n[ 59.404840] bus_for_each_dev+0x100/0x190\n[ 59.405442] driver_attach+0x44/0x68\n[ 59.405980] bus_add_driver+0x23c/0x500\n[ 59.406550] driver_register+0xf8/0x3d0\n[ 59.407122] platform_driver_register+0x68/0x98\n[ 59.407810] mt8365_afe_pcm_driver_init+0x2c/0xff8 [snd_soc_mt8365_pcm]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38662",
"url": "https://www.suse.com/security/cve/CVE-2025-38662"
},
{
"category": "external",
"summary": "SUSE Bug 1248635 for CVE-2025-38662",
"url": "https://bugzilla.suse.com/1248635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38662"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
},
{
"cve": "CVE-2025-38665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode\n\nAndrei Lalaev reported a NULL pointer deref when a CAN device is\nrestarted from Bus Off and the driver does not implement the struct\ncan_priv::do_set_mode callback.\n\nThere are 2 code path that call struct can_priv::do_set_mode:\n- directly by a manual restart from the user space, via\n can_changelink()\n- delayed automatic restart after bus off (deactivated by default)\n\nTo prevent the NULL pointer deference, refuse a manual restart or\nconfigure the automatic restart delay in can_changelink() and report\nthe error via extack to user space.\n\nAs an additional safety measure let can_restart() return an error if\ncan_priv::do_set_mode is not set instead of dereferencing it\nunchecked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38665",
"url": "https://www.suse.com/security/cve/CVE-2025-38665"
},
{
"category": "external",
"summary": "SUSE Bug 1248648 for CVE-2025-38665",
"url": "https://bugzilla.suse.com/1248648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38665"
},
{
"cve": "CVE-2025-38668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: fix NULL dereference on unbind due to stale coupling data\n\nFailing to reset coupling_desc.n_coupled after freeing coupled_rdevs can\nlead to NULL pointer dereference when regulators are accessed post-unbind.\n\nThis can happen during runtime PM or other regulator operations that rely\non coupling metadata.\n\nFor example, on ridesx4, unbinding the \u0027reg-dummy\u0027 platform device triggers\na panic in regulator_lock_recursive() due to stale coupling state.\n\nEnsure n_coupled is set to 0 to prevent access to invalid pointers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38668",
"url": "https://www.suse.com/security/cve/CVE-2025-38668"
},
{
"category": "external",
"summary": "SUSE Bug 1248647 for CVE-2025-38668",
"url": "https://bugzilla.suse.com/1248647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38668"
},
{
"cve": "CVE-2025-38670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()\n\n`cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change\nto different stacks along with the Shadow Call Stack if it is enabled.\nThose two stack changes cannot be done atomically and both functions\ncan be interrupted by SErrors or Debug Exceptions which, though unlikely,\nis very much broken : if interrupted, we can end up with mismatched stacks\nand Shadow Call Stack leading to clobbered stacks.\n\nIn `cpu_switch_to()`, it can happen when SP_EL0 points to the new task,\nbut x18 stills points to the old task\u0027s SCS. When the interrupt handler\ntries to save the task\u0027s SCS pointer, it will save the old task\nSCS pointer (x18) into the new task struct (pointed to by SP_EL0),\nclobbering it.\n\nIn `call_on_irq_stack()`, it can happen when switching from the task stack\nto the IRQ stack and when switching back. In both cases, we can be\ninterrupted when the SCS pointer points to the IRQ SCS, but SP points to\nthe task stack. The nested interrupt handler pushes its return addresses\non the IRQ SCS. It then detects that SP points to the task stack,\ncalls `call_on_irq_stack()` and clobbers the task SCS pointer with\nthe IRQ SCS pointer, which it will also use !\n\nThis leads to tasks returning to addresses on the wrong SCS,\nor even on the IRQ SCS, triggering kernel panics via CONFIG_VMAP_STACK\nor FPAC if enabled.\n\nThis is possible on a default config, but unlikely.\nHowever, when enabling CONFIG_ARM64_PSEUDO_NMI, DAIF is unmasked and\ninstead the GIC is responsible for filtering what interrupts the CPU\nshould receive based on priority.\nGiven the goal of emulating NMIs, pseudo-NMIs can be received by the CPU\neven in `cpu_switch_to()` and `call_on_irq_stack()`, possibly *very*\nfrequently depending on the system configuration and workload, leading\nto unpredictable kernel panics.\n\nCompletely mask DAIF in `cpu_switch_to()` and restore it when returning.\nDo the same in `call_on_irq_stack()`, but restore and mask around\nthe branch.\nMask DAIF even if CONFIG_SHADOW_CALL_STACK is not enabled for consistency\nof behaviour between all configurations.\n\nIntroduce and use an assembly macro for saving and masking DAIF,\nas the existing one saves but only masks IF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38670",
"url": "https://www.suse.com/security/cve/CVE-2025-38670"
},
{
"category": "external",
"summary": "SUSE Bug 1248655 for CVE-2025-38670",
"url": "https://bugzilla.suse.com/1248655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38670"
},
{
"cve": "CVE-2025-38671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: qup: jump out of the loop in case of timeout\n\nOriginal logic only sets the return value but doesn\u0027t jump out of the\nloop if the bus is kept active by a client. This is not expected. A\nmalicious or buggy i2c client can hang the kernel in this case and\nshould be avoided. This is observed during a long time test with a\nPCA953x GPIO extender.\n\nFix it by changing the logic to not only sets the return value, but also\njumps out of the loop and return to the caller with -ETIMEDOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38671",
"url": "https://www.suse.com/security/cve/CVE-2025-38671"
},
{
"category": "external",
"summary": "SUSE Bug 1248652 for CVE-2025-38671",
"url": "https://bugzilla.suse.com/1248652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38671"
},
{
"cve": "CVE-2025-38676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Avoid stack buffer overflow from kernel cmdline\n\nWhile the kernel command line is considered trusted in most environments,\navoid writing 1 byte past the end of \"acpiid\" if the \"str\" argument is\nmaximum length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38676",
"url": "https://www.suse.com/security/cve/CVE-2025-38676"
},
{
"category": "external",
"summary": "SUSE Bug 1248775 for CVE-2025-38676",
"url": "https://bugzilla.suse.com/1248775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38676"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
},
{
"cve": "CVE-2025-38679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: Fix OOB read due to missing payload bound check\n\nCurrently, The event_seq_changed() handler processes a variable number\nof properties sent by the firmware. The number of properties is indicated\nby the firmware and used to iterate over the payload. However, the\npayload size is not being validated against the actual message length.\n\nThis can lead to out-of-bounds memory access if the firmware provides a\nproperty count that exceeds the data available in the payload. Such a\ncondition can result in kernel crashes or potential information leaks if\nmemory beyond the buffer is accessed.\n\nFix this by properly validating the remaining size of the payload before\neach property access and updating bounds accordingly as properties are\nparsed.\n\nThis ensures that property parsing is safely bounded within the received\nmessage buffer and protects against malformed or malicious firmware\nbehavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38679",
"url": "https://www.suse.com/security/cve/CVE-2025-38679"
},
{
"category": "external",
"summary": "SUSE Bug 1249202 for CVE-2025-38679",
"url": "https://bugzilla.suse.com/1249202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38679"
},
{
"cve": "CVE-2025-38680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()\n\nThe buffer length check before calling uvc_parse_format() only ensured\nthat the buffer has at least 3 bytes (buflen \u003e 2), buf the function\naccesses buffer[3], requiring at least 4 bytes.\n\nThis can lead to an out-of-bounds read if the buffer has exactly 3 bytes.\n\nFix it by checking that the buffer has at least 4 bytes in\nuvc_parse_format().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38680",
"url": "https://www.suse.com/security/cve/CVE-2025-38680"
},
{
"category": "external",
"summary": "SUSE Bug 1249203 for CVE-2025-38680",
"url": "https://bugzilla.suse.com/1249203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38680"
},
{
"cve": "CVE-2025-38681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()\n\nMemory hot remove unmaps and tears down various kernel page table regions\nas required. The ptdump code can race with concurrent modifications of\nthe kernel page tables. When leaf entries are modified concurrently, the\ndump code may log stale or inconsistent information for a VA range, but\nthis is otherwise not harmful.\n\nBut when intermediate levels of kernel page table are freed, the dump code\nwill continue to use memory that has been freed and potentially\nreallocated for another purpose. In such cases, the ptdump code may\ndereference bogus addresses, leading to a number of potential problems.\n\nTo avoid the above mentioned race condition, platforms such as arm64,\nriscv and s390 take memory hotplug lock, while dumping kernel page table\nvia the sysfs interface /sys/kernel/debug/kernel_page_tables.\n\nSimilar race condition exists while checking for pages that might have\nbeen marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages\nwhich in turn calls ptdump_check_wx(). Instead of solving this race\ncondition again, let\u0027s just move the memory hotplug lock inside generic\nptdump_check_wx() which will benefit both the scenarios.\n\nDrop get_online_mems() and put_online_mems() combination from all existing\nplatform ptdump code paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38681",
"url": "https://www.suse.com/security/cve/CVE-2025-38681"
},
{
"category": "external",
"summary": "SUSE Bug 1249204 for CVE-2025-38681",
"url": "https://bugzilla.suse.com/1249204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38681"
},
{
"cve": "CVE-2025-38683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix panic during namespace deletion with VF\n\nThe existing code move the VF NIC to new namespace when NETDEV_REGISTER is\nreceived on netvsc NIC. During deletion of the namespace,\ndefault_device_exit_batch() \u003e\u003e default_device_exit_net() is called. When\nnetvsc NIC is moved back and registered to the default namespace, it\nautomatically brings VF NIC back to the default namespace. This will cause\nthe default_device_exit_net() \u003e\u003e for_each_netdev_safe loop unable to detect\nthe list end, and hit NULL ptr:\n\n[ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0\n[ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010\n[ 231.450246] #PF: supervisor read access in kernel mode\n[ 231.450579] #PF: error_code(0x0000) - not-present page\n[ 231.450916] PGD 17b8a8067 P4D 0\n[ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY\n[ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 231.452692] Workqueue: netns cleanup_net\n[ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0\n[ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 \u003c48\u003e 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00\n[ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246\n[ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb\n[ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564\n[ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000\n[ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340\n[ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340\n[ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000\n[ 231.457707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0\n[ 231.458434] Call Trace:\n[ 231.458600] \u003cTASK\u003e\n[ 231.458777] ops_undo_list+0x100/0x220\n[ 231.459015] cleanup_net+0x1b8/0x300\n[ 231.459285] process_one_work+0x184/0x340\n\nTo fix it, move the ns change to a workqueue, and take rtnl_lock to avoid\nchanging the netdev list when default_device_exit_net() is using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38683",
"url": "https://www.suse.com/security/cve/CVE-2025-38683"
},
{
"category": "external",
"summary": "SUSE Bug 1249159 for CVE-2025-38683",
"url": "https://bugzilla.suse.com/1249159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38683"
},
{
"cve": "CVE-2025-38684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: use old \u0027nbands\u0027 while purging unused classes\n\nShuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify()\nafter recent changes from Lion [2]. The problem is: in ets_qdisc_change()\nwe purge unused DWRR queues; the value of \u0027q-\u003enbands\u0027 is the new one, and\nthe cleanup should be done with the old one. The problem is here since my\nfirst attempts to fix ets_qdisc_change(), but it surfaced again after the\nrecent qdisc len accounting fixes. Fix it purging idle DWRR queues before\nassigning a new value of \u0027q-\u003enbands\u0027, so that all purge operations find a\nconsistent configuration:\n\n - old \u0027q-\u003enbands\u0027 because it\u0027s needed by ets_class_find()\n - old \u0027q-\u003enstrict\u0027 because it\u0027s needed by ets_class_is_strict()\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 62 UID: 0 PID: 39457 Comm: tc Kdump: loaded Not tainted 6.12.0-116.el10.x86_64 #1 PREEMPT(voluntary)\n Hardware name: Dell Inc. PowerEdge R640/06DKY5, BIOS 2.12.2 07/09/2021\n RIP: 0010:__list_del_entry_valid_or_report+0x4/0x80\n Code: ff 4c 39 c7 0f 84 39 19 8e ff b8 01 00 00 00 c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c48\u003e 8b 17 48 8b 4f 08 48 85 d2 0f 84 56 19 8e ff 48 85 c9 0f 84 ab\n RSP: 0018:ffffba186009f400 EFLAGS: 00010202\n RAX: 00000000000000d6 RBX: 0000000000000000 RCX: 0000000000000004\n RDX: ffff9f0fa29b69c0 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffffffc12c2400 R08: 0000000000000008 R09: 0000000000000004\n R10: ffffffffffffffff R11: 0000000000000004 R12: 0000000000000000\n R13: ffff9f0f8cfe0000 R14: 0000000000100005 R15: 0000000000000000\n FS: 00007f2154f37480(0000) GS:ffff9f269c1c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000001530be001 CR4: 00000000007726f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ets_class_qlen_notify+0x65/0x90 [sch_ets]\n qdisc_tree_reduce_backlog+0x74/0x110\n ets_qdisc_change+0x630/0xa40 [sch_ets]\n __tc_modify_qdisc.constprop.0+0x216/0x7f0\n tc_modify_qdisc+0x7c/0x120\n rtnetlink_rcv_msg+0x145/0x3f0\n netlink_rcv_skb+0x53/0x100\n netlink_unicast+0x245/0x390\n netlink_sendmsg+0x21b/0x470\n ____sys_sendmsg+0x39d/0x3d0\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xd0\n do_syscall_64+0x7d/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f2155114084\n Code: 89 02 b8 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 80 3d 25 f0 0c 00 00 74 13 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\n RSP: 002b:00007fff1fd7a988 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000560ec063e5e0 RCX: 00007f2155114084\n RDX: 0000000000000000 RSI: 00007fff1fd7a9f0 RDI: 0000000000000003\n RBP: 00007fff1fd7aa60 R08: 0000000000000010 R09: 000000000000003f\n R10: 0000560ee9b3a010 R11: 0000000000000202 R12: 00007fff1fd7aae0\n R13: 000000006891ccde R14: 0000560ec063e5e0 R15: 00007fff1fd7aad0\n \u003c/TASK\u003e\n\n [1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/\n [2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38684",
"url": "https://www.suse.com/security/cve/CVE-2025-38684"
},
{
"category": "external",
"summary": "SUSE Bug 1249156 for CVE-2025-38684",
"url": "https://bugzilla.suse.com/1249156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38684"
},
{
"cve": "CVE-2025-38685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix vmalloc out-of-bounds write in fast_imageblit\n\nThis issue triggers when a userspace program does an ioctl\nFBIOPUT_CON2FBMAP by passing console number and frame buffer number.\nIdeally this maps console to frame buffer and updates the screen if\nconsole is visible.\n\nAs part of mapping it has to do resize of console according to frame\nbuffer info. if this resize fails and returns from vc_do_resize() and\ncontinues further. At this point console and new frame buffer are mapped\nand sets display vars. Despite failure still it continue to proceed\nupdating the screen at later stages where vc_data is related to previous\nframe buffer and frame buffer info and display vars are mapped to new\nframe buffer and eventully leading to out-of-bounds write in\nfast_imageblit(). This bheviour is excepted only when fg_console is\nequal to requested console which is a visible console and updates screen\nwith invalid struct references in fbcon_putcs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38685",
"url": "https://www.suse.com/security/cve/CVE-2025-38685"
},
{
"category": "external",
"summary": "SUSE Bug 1249220 for CVE-2025-38685",
"url": "https://bugzilla.suse.com/1249220"
},
{
"category": "external",
"summary": "SUSE Bug 1249240 for CVE-2025-38685",
"url": "https://bugzilla.suse.com/1249240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38685"
},
{
"cve": "CVE-2025-38686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry\n\nWhen UFFDIO_MOVE encounters a migration PMD entry, it proceeds with\nobtaining a folio and accessing it even though the entry is swp_entry_t. \nAdd the missing check and let split_huge_pmd() handle migration entries. \nWhile at it also remove unnecessary folio check.\n\n[surenb@google.com: remove extra folio check, per David]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38686",
"url": "https://www.suse.com/security/cve/CVE-2025-38686"
},
{
"category": "external",
"summary": "SUSE Bug 1249160 for CVE-2025-38686",
"url": "https://bugzilla.suse.com/1249160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38686"
},
{
"cve": "CVE-2025-38687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: fix race between polling and detaching\n\nsyzbot reports a use-after-free in comedi in the below link, which is\ndue to comedi gladly removing the allocated async area even though poll\nrequests are still active on the wait_queue_head inside of it. This can\ncause a use-after-free when the poll entries are later triggered or\nremoved, as the memory for the wait_queue_head has been freed. We need\nto check there are no tasks queued on any of the subdevices\u0027 wait queues\nbefore allowing the device to be detached by the `COMEDI_DEVCONFIG`\nioctl.\n\nTasks will read-lock `dev-\u003eattach_lock` before adding themselves to the\nsubdevice wait queue, so fix the problem in the `COMEDI_DEVCONFIG` ioctl\nhandler by write-locking `dev-\u003eattach_lock` before checking that all of\nthe subdevices are safe to be deleted. This includes testing for any\nsleepers on the subdevices\u0027 wait queues. It remains locked until the\ndevice has been detached. This requires the `comedi_device_detach()`\nfunction to be refactored slightly, moving the bulk of it into new\nfunction `comedi_device_detach_locked()`.\n\nNote that the refactor of `comedi_device_detach()` results in\n`comedi_device_cancel_all()` now being called while `dev-\u003eattach_lock`\nis write-locked, which wasn\u0027t the case previously, but that does not\nmatter.\n\nThanks to Jens Axboe for diagnosing the problem and co-developing this\npatch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38687",
"url": "https://www.suse.com/security/cve/CVE-2025-38687"
},
{
"category": "external",
"summary": "SUSE Bug 1249177 for CVE-2025-38687",
"url": "https://bugzilla.suse.com/1249177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38687"
},
{
"cve": "CVE-2025-38691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38691"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npNFS: Fix uninited ptr deref in block/scsi layout\n\nThe error occurs on the third attempt to encode extents. When function\next_tree_prepare_commit() reallocates a larger buffer to retry encoding\nextents, the \"layoutupdate_pages\" page array is initialized only after the\nretry loop. But ext_tree_free_commitdata() is called on every iteration\nand tries to put pages in the array, thus dereferencing uninitialized\npointers.\n\nAn additional problem is that there is no limit on the maximum possible\nbuffer_size. When there are too many extents, the client may create a\nlayoutcommit that is larger than the maximum possible RPC size accepted\nby the server.\n\nDuring testing, we observed two typical scenarios. First, one memory page\nfor extents is enough when we work with small files, append data to the\nend of the file, or preallocate extents before writing. But when we fill\na new large file without preallocating, the number of extents can be huge,\nand counting the number of written extents in ext_tree_encode_commit()\ndoes not help much. Since this number increases even more between\nunlocking and locking of ext_tree, the reallocated buffer may not be\nlarge enough again and again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38691",
"url": "https://www.suse.com/security/cve/CVE-2025-38691"
},
{
"category": "external",
"summary": "SUSE Bug 1249215 for CVE-2025-38691",
"url": "https://bugzilla.suse.com/1249215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38691"
},
{
"cve": "CVE-2025-38692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: add cluster chain loop check for dir\n\nAn infinite loop may occur if the following conditions occur due to\nfile system corruption.\n\n(1) Condition for exfat_count_dir_entries() to loop infinitely.\n - The cluster chain includes a loop.\n - There is no UNUSED entry in the cluster chain.\n\n(2) Condition for exfat_create_upcase_table() to loop infinitely.\n - The cluster chain of the root directory includes a loop.\n - There are no UNUSED entry and up-case table entry in the cluster\n chain of the root directory.\n\n(3) Condition for exfat_load_bitmap() to loop infinitely.\n - The cluster chain of the root directory includes a loop.\n - There are no UNUSED entry and bitmap entry in the cluster chain\n of the root directory.\n\n(4) Condition for exfat_find_dir_entry() to loop infinitely.\n - The cluster chain includes a loop.\n - The unused directory entries were exhausted by some operation.\n\n(5) Condition for exfat_check_dir_empty() to loop infinitely.\n - The cluster chain includes a loop.\n - The unused directory entries were exhausted by some operation.\n - All files and sub-directories under the directory are deleted.\n\nThis commit adds checks to break the above infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38692",
"url": "https://www.suse.com/security/cve/CVE-2025-38692"
},
{
"category": "external",
"summary": "SUSE Bug 1249221 for CVE-2025-38692",
"url": "https://bugzilla.suse.com/1249221"
},
{
"category": "external",
"summary": "SUSE Bug 1249239 for CVE-2025-38692",
"url": "https://bugzilla.suse.com/1249239"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38692"
},
{
"cve": "CVE-2025-38693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar\n\nIn w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash.\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38693",
"url": "https://www.suse.com/security/cve/CVE-2025-38693"
},
{
"category": "external",
"summary": "SUSE Bug 1249190 for CVE-2025-38693",
"url": "https://bugzilla.suse.com/1249190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38693"
},
{
"cve": "CVE-2025-38694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()\n\nIn dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and\nmsg[0].len is zero, former checks on msg[0].buf would be passed. If accessing\nmsg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash. Similar issue occurs when access\nmsg[1].buf[0] and msg[1].buf[1].\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38694",
"url": "https://www.suse.com/security/cve/CVE-2025-38694"
},
{
"category": "external",
"summary": "SUSE Bug 1249272 for CVE-2025-38694",
"url": "https://bugzilla.suse.com/1249272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38694"
},
{
"cve": "CVE-2025-38695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure\n\nIf a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the\nresultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may\noccur before sli4_hba.hdwqs are allocated. This may result in a null\npointer dereference when attempting to take the abts_io_buf_list_lock for\nthe first hardware queue. Fix by adding a null ptr check on\nphba-\u003esli4_hba.hdwq and early return because this situation means there\nmust have been an error during port initialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38695",
"url": "https://www.suse.com/security/cve/CVE-2025-38695"
},
{
"category": "external",
"summary": "SUSE Bug 1249285 for CVE-2025-38695",
"url": "https://bugzilla.suse.com/1249285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38695"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not BUG when INLINE_DATA_FL lacks system.data xattr\n\nA syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data()\nwhen an inode had the INLINE_DATA_FL flag set but was missing the\nsystem.data extended attribute.\n\nSince this can happen due to a maiciouly fuzzed file system, we\nshouldn\u0027t BUG, but rather, report it as a corrupted file system.\n\nAdd similar replacements of BUG_ON with EXT4_ERROR_INODE() ii\next4_create_inline_data() and ext4_inline_data_truncate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38701",
"url": "https://www.suse.com/security/cve/CVE-2025-38701"
},
{
"category": "external",
"summary": "SUSE Bug 1249258 for CVE-2025-38701",
"url": "https://bugzilla.suse.com/1249258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38701"
},
{
"cve": "CVE-2025-38702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1. Unregistration creates NULL gaps in registered_fb[]\n2. All array slots become occupied despite num_registered_fb \u003c FB_MAX\n3. The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38702",
"url": "https://www.suse.com/security/cve/CVE-2025-38702"
},
{
"category": "external",
"summary": "SUSE Bug 1249254 for CVE-2025-38702",
"url": "https://bugzilla.suse.com/1249254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38702"
},
{
"cve": "CVE-2025-38703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Make dma-fences compliant with the safe access rules\n\nXe can free some of the data pointed to by the dma-fences it exports. Most\nnotably the timeline name can get freed if userspace closes the associated\nsubmit queue. At the same time the fence could have been exported to a\nthird party (for example a sync_fence fd) which will then cause an use-\nafter-free on subsequent access.\n\nTo make this safe we need to make the driver compliant with the newly\ndocumented dma-fence rules. Driver has to ensure a RCU grace period\nbetween signalling a fence and freeing any data pointed to by said fence.\n\nFor the timeline name we simply make the queue be freed via kfree_rcu and\nfor the shared lock associated with multiple queues we add a RCU grace\nperiod before freeing the per GT structure holding the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38703",
"url": "https://www.suse.com/security/cve/CVE-2025-38703"
},
{
"category": "external",
"summary": "SUSE Bug 1249193 for CVE-2025-38703",
"url": "https://bugzilla.suse.com/1249193"
},
{
"category": "external",
"summary": "SUSE Bug 1249763 for CVE-2025-38703",
"url": "https://bugzilla.suse.com/1249763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38703"
},
{
"cve": "CVE-2025-38705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix null pointer access\n\nWriting a string without delimiters (\u0027 \u0027, \u0027\\n\u0027, \u0027\\0\u0027) to the under\ngpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile\nwill result in a null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38705",
"url": "https://www.suse.com/security/cve/CVE-2025-38705"
},
{
"category": "external",
"summary": "SUSE Bug 1249334 for CVE-2025-38705",
"url": "https://bugzilla.suse.com/1249334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38705"
},
{
"cve": "CVE-2025-38706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()\n\nsnd_soc_remove_pcm_runtime() might be called with rtd == NULL which will\nleads to null pointer dereference.\nThis was reproduced with topology loading and marking a link as ignore\ndue to missing hardware component on the system.\nOn module removal the soc_tplg_remove_link() would call\nsnd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored,\nno runtime was created.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38706",
"url": "https://www.suse.com/security/cve/CVE-2025-38706"
},
{
"category": "external",
"summary": "SUSE Bug 1249195 for CVE-2025-38706",
"url": "https://bugzilla.suse.com/1249195"
},
{
"category": "external",
"summary": "SUSE Bug 1250193 for CVE-2025-38706",
"url": "https://bugzilla.suse.com/1250193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38706"
},
{
"cve": "CVE-2025-38709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38709"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Avoid updating block size under exclusive owner\n\nSyzbot came up with a reproducer where a loop device block size is\nchanged underneath a mounted filesystem. This causes a mismatch between\nthe block device block size and the block size stored in the superblock\ncausing confusion in various places such as fs/buffer.c. The particular\nissue triggered by syzbot was a warning in __getblk_slow() due to\nrequested buffer size not matching block device block size.\n\nFix the problem by getting exclusive hold of the loop device to change\nits block size. This fails if somebody (such as filesystem) has already\nan exclusive ownership of the block device and thus prevents modifying\nthe loop device under some exclusive owner which doesn\u0027t expect it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38709",
"url": "https://www.suse.com/security/cve/CVE-2025-38709"
},
{
"category": "external",
"summary": "SUSE Bug 1249199 for CVE-2025-38709",
"url": "https://bugzilla.suse.com/1249199"
},
{
"category": "external",
"summary": "SUSE Bug 1249535 for CVE-2025-38709",
"url": "https://bugzilla.suse.com/1249535"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38709"
},
{
"cve": "CVE-2025-38710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38710"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Validate i_depth for exhash directories\n\nA fuzzer test introduced corruption that ends up with a depth of 0 in\ndir_e_read(), causing an undefined shift by 32 at:\n\n index = hash \u003e\u003e (32 - dip-\u003ei_depth);\n\nAs calculated in an open-coded way in dir_make_exhash(), the minimum\ndepth for an exhash directory is ilog2(sdp-\u003esd_hash_ptrs) and 0 is\ninvalid as sdp-\u003esd_hash_ptrs is fixed as sdp-\u003ebsize / 16 at mount time.\n\nSo we can avoid the undefined behaviour by checking for depth values\nlower than the minimum in gfs2_dinode_in(). Values greater than the\nmaximum are already being checked for there.\n\nAlso switch the calculation in dir_make_exhash() to use ilog2() to\nclarify how the depth is calculated.\n\nTested with the syzkaller repro.c and xfstests \u0027-g quick\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38710",
"url": "https://www.suse.com/security/cve/CVE-2025-38710"
},
{
"category": "external",
"summary": "SUSE Bug 1249201 for CVE-2025-38710",
"url": "https://bugzilla.suse.com/1249201"
},
{
"category": "external",
"summary": "SUSE Bug 1249536 for CVE-2025-38710",
"url": "https://bugzilla.suse.com/1249536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-38710"
},
{
"cve": "CVE-2025-38717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38717"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: kcm: Fix race condition in kcm_unattach()\n\nsyzbot found a race condition when kcm_unattach(psock)\nand kcm_release(kcm) are executed at the same time.\n\nkcm_unattach() is missing a check of the flag\nkcm-\u003etx_stopped before calling queue_work().\n\nIf the kcm has a reserved psock, kcm_unattach() might get executed\nbetween cancel_work_sync() and unreserve_psock() in kcm_release(),\nrequeuing kcm-\u003etx_work right before kcm gets freed in kcm_done().\n\nRemove kcm-\u003etx_stopped and replace it by the less\nerror-prone disable_work_sync().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38717",
"url": "https://www.suse.com/security/cve/CVE-2025-38717"
},
{
"category": "external",
"summary": "SUSE Bug 1249167 for CVE-2025-38717",
"url": "https://bugzilla.suse.com/1249167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38717"
},
{
"cve": "CVE-2025-38721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: fix refcount leak on table dump\n\nThere is a reference count leak in ctnetlink_dump_table():\n if (res \u003c 0) {\n nf_conntrack_get(\u0026ct-\u003ect_general); // HERE\n cb-\u003eargs[1] = (unsigned long)ct;\n ...\n\nWhile its very unlikely, its possible that ct == last.\nIf this happens, then the refcount of ct was already incremented.\nThis 2nd increment is never undone.\n\nThis prevents the conntrack object from being released, which in turn\nkeeps prevents cnet-\u003ecount from dropping back to 0.\n\nThis will then block the netns dismantle (or conntrack rmmod) as\nnf_conntrack_cleanup_net_list() will wait forever.\n\nThis can be reproduced by running conntrack_resize.sh selftest in a loop.\nIt takes ~20 minutes for me on a preemptible kernel on average before\nI see a runaway kworker spinning in nf_conntrack_cleanup_net_list.\n\nOne fix would to change this to:\n if (res \u003c 0) {\n\t\tif (ct != last)\n\t nf_conntrack_get(\u0026ct-\u003ect_general);\n\nBut this reference counting isn\u0027t needed in the first place.\nWe can just store a cookie value instead.\n\nA followup patch will do the same for ctnetlink_exp_dump_table,\nit looks to me as if this has the same problem and like\nctnetlink_dump_table, we only need a \u0027skip hint\u0027, not the actual\nobject so we can apply the same cookie strategy there as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38721",
"url": "https://www.suse.com/security/cve/CVE-2025-38721"
},
{
"category": "external",
"summary": "SUSE Bug 1249176 for CVE-2025-38721",
"url": "https://bugzilla.suse.com/1249176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38721"
},
{
"cve": "CVE-2025-38722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhabanalabs: fix UAF in export_dmabuf()\n\nAs soon as we\u0027d inserted a file reference into descriptor table, another\nthread could close it. That\u0027s fine for the case when all we are doing is\nreturning that descriptor to userland (it\u0027s a race, but it\u0027s a userland\nrace and there\u0027s nothing the kernel can do about it). However, if we\nfollow fd_install() with any kind of access to objects that would be\ndestroyed on close (be it the struct file itself or anything destroyed\nby its -\u003erelease()), we have a UAF.\n\ndma_buf_fd() is a combination of reserving a descriptor and fd_install().\nhabanalabs export_dmabuf() calls it and then proceeds to access the\nobjects destroyed on close. In particular, it grabs an extra reference to\nanother struct file that will be dropped as part of -\u003erelease() for ours;\nthat \"will be\" is actually \"might have already been\".\n\nFix that by reserving descriptor before anything else and do fd_install()\nonly when everything had been set up. As a side benefit, we no longer\nhave the failure exit with file already created, but reference to\nunderlying file (as well as -\u003edmabuf_export_cnt, etc.) not grabbed yet;\nunlike dma_buf_fd(), fd_install() can\u0027t fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38722",
"url": "https://www.suse.com/security/cve/CVE-2025-38722"
},
{
"category": "external",
"summary": "SUSE Bug 1249163 for CVE-2025-38722",
"url": "https://bugzilla.suse.com/1249163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38722"
},
{
"cve": "CVE-2025-38724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()\n\nLei Lu recently reported that nfsd4_setclientid_confirm() did not check\nthe return value from get_client_locked(). a SETCLIENTID_CONFIRM could\nrace with a confirmed client expiring and fail to get a reference. That\ncould later lead to a UAF.\n\nFix this by getting a reference early in the case where there is an\nextant confirmed client. If that fails then treat it as if there were no\nconfirmed client found at all.\n\nIn the case where the unconfirmed client is expiring, just fail and\nreturn the result from get_client_locked().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38724",
"url": "https://www.suse.com/security/cve/CVE-2025-38724"
},
{
"category": "external",
"summary": "SUSE Bug 1249169 for CVE-2025-38724",
"url": "https://bugzilla.suse.com/1249169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38724"
},
{
"cve": "CVE-2025-38725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: add phy_mask for ax88772 mdio bus\n\nWithout setting phy_mask for ax88772 mdio bus, current driver may create\nat most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f.\nDLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy\ndevice will bind to net phy driver. This is creating issue during system\nsuspend/resume since phy_polling_mode() in phy_state_machine() will\ndirectly deference member of phydev-\u003edrv for non-main phy devices. Then\nNULL pointer dereference issue will occur. Due to only external phy or\ninternal phy is necessary, add phy_mask for ax88772 mdio bus to workarnoud\nthe issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38725",
"url": "https://www.suse.com/security/cve/CVE-2025-38725"
},
{
"category": "external",
"summary": "SUSE Bug 1249170 for CVE-2025-38725",
"url": "https://bugzilla.suse.com/1249170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38725"
},
{
"cve": "CVE-2025-38727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket\u0027s read memory allocation\nconstraints. Firstly, it has:\n\n rmem \u003c READ_ONCE(sk-\u003esk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket\u0027s receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n rmem + skb-\u003etruesize \u003e READ_ONCE(sk-\u003esk_rcvbuf)\n\nThe checks don\u0027t cover the case when skb-\u003etruesize + sk-\u003esk_rmem_alloc is\nequal to sk-\u003esk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n (t=26000 jiffies g=230833 q=259957)\n NMI backtrace for cpu 0\n CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n Call Trace:\n \u003cIRQ\u003e\n dump_stack lib/dump_stack.c:120\n nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n update_process_times kernel/time/timer.c:1953\n tick_sched_handle kernel/time/tick-sched.c:227\n tick_sched_timer kernel/time/tick-sched.c:1399\n __hrtimer_run_queues kernel/time/hrtimer.c:1652\n hrtimer_interrupt kernel/time/hrtimer.c:1717\n __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n \u003c/IRQ\u003e\n\n netlink_attachskb net/netlink/af_netlink.c:1234\n netlink_unicast net/netlink/af_netlink.c:1349\n kauditd_send_queue kernel/audit.c:776\n kauditd_thread kernel/audit.c:897\n kthread kernel/kthread.c:328\n ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38727",
"url": "https://www.suse.com/security/cve/CVE-2025-38727"
},
{
"category": "external",
"summary": "SUSE Bug 1249166 for CVE-2025-38727",
"url": "https://bugzilla.suse.com/1249166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38727"
},
{
"cve": "CVE-2025-38729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 power domain descriptors, too\n\nUAC3 power domain descriptors need to be verified with its variable\nbLength for avoiding the unexpected OOB accesses by malicious\nfirmware, too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38729",
"url": "https://www.suse.com/security/cve/CVE-2025-38729"
},
{
"category": "external",
"summary": "SUSE Bug 1249164 for CVE-2025-38729",
"url": "https://bugzilla.suse.com/1249164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38729"
},
{
"cve": "CVE-2025-38730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: commit partial buffers on retry\n\nRing provided buffers are potentially only valid within the single\nexecution context in which they were acquired. io_uring deals with this\nand invalidates them on retry. But on the networking side, if\nMSG_WAITALL is set, or if the socket is of the streaming type and too\nlittle was processed, then it will hang on to the buffer rather than\nrecycle or commit it. This is problematic for two reasons:\n\n1) If someone unregisters the provided buffer ring before a later retry,\n then the req-\u003ebuf_list will no longer be valid.\n\n2) If multiple sockers are using the same buffer group, then multiple\n receives can consume the same memory. This can cause data corruption\n in the application, as either receive could land in the same\n userspace buffer.\n\nFix this by disallowing partial retries from pinning a provided buffer\nacross multiple executions, if ring provided buffers are used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38730",
"url": "https://www.suse.com/security/cve/CVE-2025-38730"
},
{
"category": "external",
"summary": "SUSE Bug 1249172 for CVE-2025-38730",
"url": "https://bugzilla.suse.com/1249172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38730"
},
{
"cve": "CVE-2025-38732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject: don\u0027t leak dst refcount for loopback packets\n\nrecent patches to add a WARN() when replacing skb dst entry found an\nold bug:\n\nWARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include/linux/skbuff.h:1164 [inline]\nWARNING: include/linux/skbuff.h:1165 skb_dst_set include/linux/skbuff.h:1210 [inline]\nWARNING: include/linux/skbuff.h:1165 nf_reject_fill_skb_dst+0x2a4/0x330 net/ipv4/netfilter/nf_reject_ipv4.c:234\n[..]\nCall Trace:\n nf_send_unreach+0x17b/0x6e0 net/ipv4/netfilter/nf_reject_ipv4.c:325\n nft_reject_inet_eval+0x4bc/0x690 net/netfilter/nft_reject_inet.c:27\n expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]\n ..\n\nThis is because blamed commit forgot about loopback packets.\nSuch packets already have a dst_entry attached, even at PRE_ROUTING stage.\n\nInstead of checking hook just check if the skb already has a route\nattached to it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38732",
"url": "https://www.suse.com/security/cve/CVE-2025-38732"
},
{
"category": "external",
"summary": "SUSE Bug 1249262 for CVE-2025-38732",
"url": "https://bugzilla.suse.com/1249262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38732"
},
{
"cve": "CVE-2025-38733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Do not map lowcore with identity mapping\n\nSince the identity mapping is pinned to address zero the lowcore is always\nalso mapped to address zero, this happens regardless of the relocate_lowcore\ncommand line option. If the option is specified the lowcore is mapped\ntwice, instead of only once.\n\nThis means that NULL pointer accesses will succeed instead of causing an\nexception (low address protection still applies, but covers only parts).\nTo fix this never map the first two pages of physical memory with the\nidentity mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38733",
"url": "https://www.suse.com/security/cve/CVE-2025-38733"
},
{
"category": "external",
"summary": "SUSE Bug 1249313 for CVE-2025-38733",
"url": "https://bugzilla.suse.com/1249313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38733"
},
{
"cve": "CVE-2025-38734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix UAF on smcsk after smc_listen_out()\n\nBPF CI testing report a UAF issue:\n\n [ 16.446633] BUG: kernel NULL pointer dereference, address: 000000000000003 0\n [ 16.447134] #PF: supervisor read access in kernel mod e\n [ 16.447516] #PF: error_code(0x0000) - not-present pag e\n [ 16.447878] PGD 0 P4D 0\n [ 16.448063] Oops: Oops: 0000 [#1] PREEMPT SMP NOPT I\n [ 16.448409] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Tainted: G OE 6.13.0-rc3-g89e8a75fda73-dirty #4 2\n [ 16.449124] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODUL E\n [ 16.449502] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/201 4\n [ 16.450201] Workqueue: smc_hs_wq smc_listen_wor k\n [ 16.450531] RIP: 0010:smc_listen_work+0xc02/0x159 0\n [ 16.452158] RSP: 0018:ffffb5ab40053d98 EFLAGS: 0001024 6\n [ 16.452526] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 000000000000030 0\n [ 16.452994] RDX: 0000000000000280 RSI: 00003513840053f0 RDI: 000000000000000 0\n [ 16.453492] RBP: ffffa097808e3800 R08: ffffa09782dba1e0 R09: 000000000000000 5\n [ 16.453987] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa0978274640 0\n [ 16.454497] R13: 0000000000000000 R14: 0000000000000000 R15: ffffa09782d4092 0\n [ 16.454996] FS: 0000000000000000(0000) GS:ffffa097bbc00000(0000) knlGS:000000000000000 0\n [ 16.455557] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003 3\n [ 16.455961] CR2: 0000000000000030 CR3: 0000000102788004 CR4: 0000000000770ef 0\n [ 16.456459] PKRU: 5555555 4\n [ 16.456654] Call Trace :\n [ 16.456832] \u003cTASK \u003e\n [ 16.456989] ? __die+0x23/0x7 0\n [ 16.457215] ? page_fault_oops+0x180/0x4c 0\n [ 16.457508] ? __lock_acquire+0x3e6/0x249 0\n [ 16.457801] ? exc_page_fault+0x68/0x20 0\n [ 16.458080] ? asm_exc_page_fault+0x26/0x3 0\n [ 16.458389] ? smc_listen_work+0xc02/0x159 0\n [ 16.458689] ? smc_listen_work+0xc02/0x159 0\n [ 16.458987] ? lock_is_held_type+0x8f/0x10 0\n [ 16.459284] process_one_work+0x1ea/0x6d 0\n [ 16.459570] worker_thread+0x1c3/0x38 0\n [ 16.459839] ? __pfx_worker_thread+0x10/0x1 0\n [ 16.460144] kthread+0xe0/0x11 0\n [ 16.460372] ? __pfx_kthread+0x10/0x1 0\n [ 16.460640] ret_from_fork+0x31/0x5 0\n [ 16.460896] ? __pfx_kthread+0x10/0x1 0\n [ 16.461166] ret_from_fork_asm+0x1a/0x3 0\n [ 16.461453] \u003c/TASK \u003e\n [ 16.461616] Modules linked in: bpf_testmod(OE) [last unloaded: bpf_testmod(OE) ]\n [ 16.462134] CR2: 000000000000003 0\n [ 16.462380] ---[ end trace 0000000000000000 ]---\n [ 16.462710] RIP: 0010:smc_listen_work+0xc02/0x1590\n\nThe direct cause of this issue is that after smc_listen_out_connected(),\nnewclcsock-\u003esk may be NULL since it will releases the smcsk. Therefore,\nif the application closes the socket immediately after accept,\nnewclcsock-\u003esk can be NULL. A possible execution order could be as\nfollows:\n\nsmc_listen_work | userspace\n-----------------------------------------------------------------\nlock_sock(sk) |\nsmc_listen_out_connected() |\n| \\- smc_listen_out |\n| | \\- release_sock |\n | |- sk-\u003esk_data_ready() |\n | fd = accept();\n | close(fd);\n | \\- socket-\u003esk = NULL;\n/* newclcsock-\u003esk is NULL now */\nSMC_STAT_SERV_SUCC_INC(sock_net(newclcsock-\u003esk))\n\nSince smc_listen_out_connected() will not fail, simply swapping the order\nof the code can easily fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38734",
"url": "https://www.suse.com/security/cve/CVE-2025-38734"
},
{
"category": "external",
"summary": "SUSE Bug 1249324 for CVE-2025-38734",
"url": "https://bugzilla.suse.com/1249324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38734"
},
{
"cve": "CVE-2025-38735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: prevent ethtool ops after shutdown\n\nA crash can occur if an ethtool operation is invoked\nafter shutdown() is called.\n\nshutdown() is invoked during system shutdown to stop DMA operations\nwithout performing expensive deallocations. It is discouraged to\nunregister the netdev in this path, so the device may still be visible\nto userspace and kernel helpers.\n\nIn gve, shutdown() tears down most internal data structures. If an\nethtool operation is dispatched after shutdown(), it will dereference\nfreed or NULL pointers, leading to a kernel panic. While graceful\nshutdown normally quiesces userspace before invoking the reboot\nsyscall, forced shutdowns (as observed on GCP VMs) can still trigger\nthis path.\n\nFix by calling netif_device_detach() in shutdown().\nThis marks the device as detached so the ethtool ioctl handler\nwill skip dispatching operations to the driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38735",
"url": "https://www.suse.com/security/cve/CVE-2025-38735"
},
{
"category": "external",
"summary": "SUSE Bug 1249288 for CVE-2025-38735",
"url": "https://bugzilla.suse.com/1249288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38735"
},
{
"cve": "CVE-2025-38736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: Fix PHY address mask in MDIO bus initialization\n\nSyzbot reported shift-out-of-bounds exception on MDIO bus initialization.\n\nThe PHY address should be masked to 5 bits (0-31). Without this\nmask, invalid PHY addresses could be used, potentially causing issues\nwith MDIO bus operations.\n\nFix this by masking the PHY address with 0x1f (31 decimal) to ensure\nit stays within the valid range.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38736",
"url": "https://www.suse.com/security/cve/CVE-2025-38736"
},
{
"category": "external",
"summary": "SUSE Bug 1249318 for CVE-2025-38736",
"url": "https://bugzilla.suse.com/1249318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38736"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()\n\nThe function mod_hdcp_hdcp1_create_session() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference.\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.\n\nThis is similar to the commit c3e9826a2202\n(\"drm/amd/display: Add null pointer check for get_first_active_display()\").\n\n(cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39675",
"url": "https://www.suse.com/security/cve/CVE-2025-39675"
},
{
"category": "external",
"summary": "SUSE Bug 1249263 for CVE-2025-39675",
"url": "https://bugzilla.suse.com/1249263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39675"
},
{
"cve": "CVE-2025-39677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39677"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix backlog accounting in qdisc_dequeue_internal\n\nThis issue applies for the following qdiscs: hhf, fq, fq_codel, and\nfq_pie, and occurs in their change handlers when adjusting to the new\nlimit. The problem is the following in the values passed to the\nsubsequent qdisc_tree_reduce_backlog call given a tbf parent:\n\n When the tbf parent runs out of tokens, skbs of these qdiscs will\n be placed in gso_skb. Their peek handlers are qdisc_peek_dequeued,\n which accounts for both qlen and backlog. However, in the case of\n qdisc_dequeue_internal, ONLY qlen is accounted for when pulling\n from gso_skb. This means that these qdiscs are missing a\n qdisc_qstats_backlog_dec when dropping packets to satisfy the\n new limit in their change handlers.\n\n One can observe this issue with the following (with tc patched to\n support a limit of 0):\n\n export TARGET=fq\n tc qdisc del dev lo root\n tc qdisc add dev lo root handle 1: tbf rate 8bit burst 100b latency 1ms\n tc qdisc replace dev lo handle 3: parent 1:1 $TARGET limit 1000\n echo \u0027\u0027; echo \u0027add child\u0027; tc -s -d qdisc show dev lo\n ping -I lo -f -c2 -s32 -W0.001 127.0.0.1 2\u003e\u00261 \u003e/dev/null\n echo \u0027\u0027; echo \u0027after ping\u0027; tc -s -d qdisc show dev lo\n tc qdisc change dev lo handle 3: parent 1:1 $TARGET limit 0\n echo \u0027\u0027; echo \u0027after limit drop\u0027; tc -s -d qdisc show dev lo\n tc qdisc replace dev lo handle 2: parent 1:1 sfq\n echo \u0027\u0027; echo \u0027post graft\u0027; tc -s -d qdisc show dev lo\n\n The second to last show command shows 0 packets but a positive\n number (74) of backlog bytes. The problem becomes clearer in the\n last show command, where qdisc_purge_queue triggers\n qdisc_tree_reduce_backlog with the positive backlog and causes an\n underflow in the tbf parent\u0027s backlog (4096 Mb instead of 0).\n\nTo fix this issue, the codepath for all clients of qdisc_dequeue_internal\nhas been simplified: codel, pie, hhf, fq, fq_pie, and fq_codel.\nqdisc_dequeue_internal handles the backlog adjustments for all cases that\ndo not directly use the dequeue handler.\n\nThe old fq_codel_change limit adjustment loop accumulated the arguments to\nthe subsequent qdisc_tree_reduce_backlog call through the cstats field.\nHowever, this is confusing and error prone as fq_codel_dequeue could also\npotentially mutate this field (which qdisc_dequeue_internal calls in the\nnon gso_skb case), so we have unified the code here with other qdiscs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39677",
"url": "https://www.suse.com/security/cve/CVE-2025-39677"
},
{
"category": "external",
"summary": "SUSE Bug 1249300 for CVE-2025-39677",
"url": "https://bugzilla.suse.com/1249300"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39677"
},
{
"cve": "CVE-2025-39678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/hsmp: Ensure sock-\u003emetric_tbl_addr is non-NULL\n\nIf metric table address is not allocated, accessing metrics_bin will\nresult in a NULL pointer dereference, so add a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39678",
"url": "https://www.suse.com/security/cve/CVE-2025-39678"
},
{
"category": "external",
"summary": "SUSE Bug 1249290 for CVE-2025-39678",
"url": "https://bugzilla.suse.com/1249290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39678"
},
{
"cve": "CVE-2025-39679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().\n\nWhen the nvif_vmm_type is invalid, we will return error directly\nwithout freeing the args in nvif_vmm_ctor(), which leading a memory\nleak. Fix it by setting the ret -EINVAL and goto done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39679",
"url": "https://www.suse.com/security/cve/CVE-2025-39679"
},
{
"category": "external",
"summary": "SUSE Bug 1249338 for CVE-2025-39679",
"url": "https://bugzilla.suse.com/1249338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39679"
},
{
"cve": "CVE-2025-39681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper\n\nSince\n\n 923f3a2b48bd (\"x86/resctrl: Query LLC monitoring properties once during boot\")\n\nresctrl_cpu_detect() has been moved from common CPU initialization code to\nthe vendor-specific BSP init helper, while Hygon didn\u0027t put that call in their\ncode.\n\nThis triggers a division by zero fault during early booting stage on our\nmachines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries\nto calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale.\n\nAdd the missing resctrl_cpu_detect() in the Hygon BSP init helper.\n\n [ bp: Massage commit message. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39681",
"url": "https://www.suse.com/security/cve/CVE-2025-39681"
},
{
"category": "external",
"summary": "SUSE Bug 1249303 for CVE-2025-39681",
"url": "https://bugzilla.suse.com/1249303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39681"
},
{
"cve": "CVE-2025-39682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39682"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix handling of zero-length records on the rx_list\n\nEach recvmsg() call must process either\n - only contiguous DATA records (any number of them)\n - one non-DATA record\n\nIf the next record has different type than what has already been\nprocessed we break out of the main processing loop. If the record\nhas already been decrypted (which may be the case for TLS 1.3 where\nwe don\u0027t know type until decryption) we queue the pending record\nto the rx_list. Next recvmsg() will pick it up from there.\n\nQueuing the skb to rx_list after zero-copy decrypt is not possible,\nsince in that case we decrypted directly to the user space buffer,\nand we don\u0027t have an skb to queue (darg.skb points to the ciphertext\nskb for access to metadata like length).\n\nOnly data records are allowed zero-copy, and we break the processing\nloop after each non-data record. So we should never zero-copy and\nthen find out that the record type has changed. The corner case\nwe missed is when the initial record comes from rx_list, and it\u0027s\nzero length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39682",
"url": "https://www.suse.com/security/cve/CVE-2025-39682"
},
{
"category": "external",
"summary": "SUSE Bug 1249284 for CVE-2025-39682",
"url": "https://bugzilla.suse.com/1249284"
},
{
"category": "external",
"summary": "SUSE Bug 1250192 for CVE-2025-39682",
"url": "https://bugzilla.suse.com/1250192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39682"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()\n\nsyzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel\nbuffer is allocated to hold `insn-\u003en` samples (each of which is an\n`unsigned int`). For some instruction types, `insn-\u003en` samples are\ncopied back to user-space, unless an error code is being returned. The\nproblem is that not all the instruction handlers that need to return\ndata to userspace fill in the whole `insn-\u003en` samples, so that there is\nan information leak. There is a similar syzbot report for\n`do_insnlist_ioctl()`, although it does not have a reproducer for it at\nthe time of writing.\n\nOne culprit is `insn_rw_emulate_bits()` which is used as the handler for\n`INSN_READ` or `INSN_WRITE` instructions for subdevices that do not have\na specific handler for that instruction, but do have an `INSN_BITS`\nhandler. For `INSN_READ` it only fills in at most 1 sample, so if\n`insn-\u003en` is greater than 1, the remaining `insn-\u003en - 1` samples copied\nto userspace will be uninitialized kernel data.\n\nAnother culprit is `vm80xx_ai_insn_read()` in the \"vm80xx\" driver. It\nnever returns an error, even if it fails to fill the buffer.\n\nFix it in `do_insn_ioctl()` and `do_insnlist_ioctl()` by making sure\nthat uninitialized parts of the allocated buffer are zeroed before\nhandling each instruction.\n\nThanks to Arnaud Lecomte for their fix to `do_insn_ioctl()`. That fix\nreplaced the call to `kmalloc_array()` with `kcalloc()`, but it is not\nalways necessary to clear the whole buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39684",
"url": "https://www.suse.com/security/cve/CVE-2025-39684"
},
{
"category": "external",
"summary": "SUSE Bug 1249281 for CVE-2025-39684",
"url": "https://bugzilla.suse.com/1249281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39684"
},
{
"cve": "CVE-2025-39685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl726: Prevent invalid irq number\n\nThe reproducer passed in an irq number(0x80008000) that was too large,\nwhich triggered the oob.\n\nAdded an interrupt number check to prevent users from passing in an irq\nnumber that was too large.\n\nIf `it-\u003eoptions[1]` is 31, then `1 \u003c\u003c it-\u003eoptions[1]` is still invalid\nbecause it shifts a 1-bit into the sign bit (which is UB in C).\nPossible solutions include reducing the upper bound on the\n`it-\u003eoptions[1]` value to 30 or lower, or using `1U \u003c\u003c it-\u003eoptions[1]`.\n\nThe old code would just not attempt to request the IRQ if the\n`options[1]` value were invalid. And it would still configure the\ndevice without interrupts even if the call to `request_irq` returned an\nerror. So it would be better to combine this test with the test below.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39685",
"url": "https://www.suse.com/security/cve/CVE-2025-39685"
},
{
"category": "external",
"summary": "SUSE Bug 1249282 for CVE-2025-39685",
"url": "https://bugzilla.suse.com/1249282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39685"
},
{
"cve": "CVE-2025-39686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Make insn_rw_emulate_bits() do insn-\u003en samples\n\nThe `insn_rw_emulate_bits()` function is used as a default handler for\n`INSN_READ` instructions for subdevices that have a handler for\n`INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default\nhandler for `INSN_WRITE` instructions for subdevices that have a handler\nfor `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the\n`INSN_READ` or `INSN_WRITE` instruction handling with a constructed\n`INSN_BITS` instruction. However, `INSN_READ` and `INSN_WRITE`\ninstructions are supposed to be able read or write multiple samples,\nindicated by the `insn-\u003en` value, but `insn_rw_emulate_bits()` currently\nonly handles a single sample. For `INSN_READ`, the comedi core will\ncopy `insn-\u003en` samples back to user-space. (That triggered KASAN\nkernel-infoleak errors when `insn-\u003en` was greater than 1, but that is\nbeing fixed more generally elsewhere in the comedi core.)\n\nMake `insn_rw_emulate_bits()` either handle `insn-\u003en` samples, or return\nan error, to conform to the general expectation for `INSN_READ` and\n`INSN_WRITE` handlers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39686",
"url": "https://www.suse.com/security/cve/CVE-2025-39686"
},
{
"category": "external",
"summary": "SUSE Bug 1249312 for CVE-2025-39686",
"url": "https://bugzilla.suse.com/1249312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39686"
},
{
"cve": "CVE-2025-39687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: as73211: Ensure buffer holes are zeroed\n\nGiven that the buffer is copied to a kfifo that ultimately user space\ncan read, ensure we zero it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39687",
"url": "https://www.suse.com/security/cve/CVE-2025-39687"
},
{
"category": "external",
"summary": "SUSE Bug 1249316 for CVE-2025-39687",
"url": "https://bugzilla.suse.com/1249316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39687"
},
{
"cve": "CVE-2025-39691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39691"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/buffer: fix use-after-free when call bh_read() helper\n\nThere\u0027s issue as follows:\nBUG: KASAN: stack-out-of-bounds in end_buffer_read_sync+0xe3/0x110\nRead of size 8 at addr ffffc9000168f7f8 by task swapper/3/0\nCPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.16.0-862.14.0.6.x86_64\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x2c/0x390\n print_report+0xb4/0x270\n kasan_report+0xb8/0xf0\n end_buffer_read_sync+0xe3/0x110\n end_bio_bh_io_sync+0x56/0x80\n blk_update_request+0x30a/0x720\n scsi_end_request+0x51/0x2b0\n scsi_io_completion+0xe3/0x480\n ? scsi_device_unbusy+0x11e/0x160\n blk_complete_reqs+0x7b/0x90\n handle_softirqs+0xef/0x370\n irq_exit_rcu+0xa5/0xd0\n sysvec_apic_timer_interrupt+0x6e/0x90\n \u003c/IRQ\u003e\n\n Above issue happens when do ntfs3 filesystem mount, issue may happens\n as follows:\n mount IRQ\nntfs_fill_super\n read_cache_page\n do_read_cache_folio\n filemap_read_folio\n mpage_read_folio\n\t do_mpage_readpage\n\t ntfs_get_block_vbo\n\t bh_read\n\t submit_bh\n\t wait_on_buffer(bh);\n\t blk_complete_reqs\n\t\t\t\t scsi_io_completion\n\t\t\t\t scsi_end_request\n\t\t\t\t blk_update_request\n\t\t\t\t end_bio_bh_io_sync\n\t\t\t\t\t end_buffer_read_sync\n\t\t\t\t\t __end_buffer_read_notouch\n\t\t\t\t\t unlock_buffer\n\n wait_on_buffer(bh);--\u003e return will return to caller\n\n\t\t\t\t\t put_bh\n\t\t\t\t\t --\u003e trigger stack-out-of-bounds\nIn the mpage_read_folio() function, the stack variable \u0027map_bh\u0027 is\npassed to ntfs_get_block_vbo(). Once unlock_buffer() unlocks and\nwait_on_buffer() returns to continue processing, the stack variable\nis likely to be reclaimed. Consequently, during the end_buffer_read_sync()\nprocess, calling put_bh() may result in stack overrun.\n\nIf the bh is not allocated on the stack, it belongs to a folio. Freeing\na buffer head which belongs to a folio is done by drop_buffers() which\nwill fail to free buffers which are still locked. So it is safe to call\nput_bh() before __end_buffer_read_notouch().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39691",
"url": "https://www.suse.com/security/cve/CVE-2025-39691"
},
{
"category": "external",
"summary": "SUSE Bug 1249374 for CVE-2025-39691",
"url": "https://bugzilla.suse.com/1249374"
},
{
"category": "external",
"summary": "SUSE Bug 1249392 for CVE-2025-39691",
"url": "https://bugzilla.suse.com/1249392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39691"
},
{
"cve": "CVE-2025-39693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid a NULL pointer dereference\n\n[WHY]\nAlthough unlikely drm_atomic_get_new_connector_state() or\ndrm_atomic_get_old_connector_state() can return NULL.\n\n[HOW]\nCheck returns before dereference.\n\n(cherry picked from commit 1e5e8d672fec9f2ab352be121be971877bff2af9)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39693",
"url": "https://www.suse.com/security/cve/CVE-2025-39693"
},
{
"category": "external",
"summary": "SUSE Bug 1249279 for CVE-2025-39693",
"url": "https://bugzilla.suse.com/1249279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39693"
},
{
"cve": "CVE-2025-39694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix SCCB present check\n\nTracing code called by the SCLP interrupt handler contains early exits\nif the SCCB address associated with an interrupt is NULL. This check is\nperformed after physical to virtual address translation.\n\nIf the kernel identity mapping does not start at address zero, the\nresulting virtual address is never zero, so that the NULL checks won\u0027t\nwork. Subsequently this may result in incorrect accesses to the first\npage of the identity mapping.\n\nFix this by introducing a function that handles the NULL case before\naddress translation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39694",
"url": "https://www.suse.com/security/cve/CVE-2025-39694"
},
{
"category": "external",
"summary": "SUSE Bug 1249299 for CVE-2025-39694",
"url": "https://bugzilla.suse.com/1249299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39694"
},
{
"cve": "CVE-2025-39695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Flush delayed SKBs while releasing RXE resources\n\nWhen skb packets are sent out, these skb packets still depends on\nthe rxe resources, for example, QP, sk, when these packets are\ndestroyed.\n\nIf these rxe resources are released when the skb packets are destroyed,\nthe call traces will appear.\n\nTo avoid skb packets hang too long time in some network devices,\na timestamp is added when these skb packets are created. If these\nskb packets hang too long time in network devices, these network\ndevices can free these skb packets to release rxe resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39695",
"url": "https://www.suse.com/security/cve/CVE-2025-39695"
},
{
"category": "external",
"summary": "SUSE Bug 1249306 for CVE-2025-39695",
"url": "https://bugzilla.suse.com/1249306"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39695"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/futex: ensure io_futex_wait() cleans up properly on failure\n\nThe io_futex_data is allocated upfront and assigned to the io_kiocb\nasync_data field, but the request isn\u0027t marked with REQ_F_ASYNC_DATA\nat that point. Those two should always go together, as the flag tells\nio_uring whether the field is valid or not.\n\nAdditionally, on failure cleanup, the futex handler frees the data but\ndoes not clear -\u003easync_data. Clear the data and the flag in the error\npath as well.\n\nThanks to Trend Micro Zero Day Initiative and particularly ReDress for\nreporting this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39698",
"url": "https://www.suse.com/security/cve/CVE-2025-39698"
},
{
"category": "external",
"summary": "SUSE Bug 1249322 for CVE-2025-39698",
"url": "https://bugzilla.suse.com/1249322"
},
{
"category": "external",
"summary": "SUSE Bug 1250190 for CVE-2025-39698",
"url": "https://bugzilla.suse.com/1250190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39698"
},
{
"cve": "CVE-2025-39700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/ops-common: ignore migration request to invalid nodes\n\ndamon_migrate_pages() tries migration even if the target node is invalid. \nIf users mistakenly make such invalid requests via\nDAMOS_MIGRATE_{HOT,COLD} action, the below kernel BUG can happen.\n\n [ 7831.883495] BUG: unable to handle page fault for address: 0000000000001f48\n [ 7831.884160] #PF: supervisor read access in kernel mode\n [ 7831.884681] #PF: error_code(0x0000) - not-present page\n [ 7831.885203] PGD 0 P4D 0\n [ 7831.885468] Oops: Oops: 0000 [#1] SMP PTI\n [ 7831.885852] CPU: 31 UID: 0 PID: 94202 Comm: kdamond.0 Not tainted 6.16.0-rc5-mm-new-damon+ #93 PREEMPT(voluntary)\n [ 7831.886913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.el9 04/01/2014\n [ 7831.887777] RIP: 0010:__alloc_frozen_pages_noprof (include/linux/mmzone.h:1724 include/linux/mmzone.h:1750 mm/page_alloc.c:4936 mm/page_alloc.c:5137)\n [...]\n [ 7831.895953] Call Trace:\n [ 7831.896195] \u003cTASK\u003e\n [ 7831.896397] __folio_alloc_noprof (mm/page_alloc.c:5183 mm/page_alloc.c:5192)\n [ 7831.896787] migrate_pages_batch (mm/migrate.c:1189 mm/migrate.c:1851)\n [ 7831.897228] ? __pfx_alloc_migration_target (mm/migrate.c:2137)\n [ 7831.897735] migrate_pages (mm/migrate.c:2078)\n [ 7831.898141] ? __pfx_alloc_migration_target (mm/migrate.c:2137)\n [ 7831.898664] damon_migrate_folio_list (mm/damon/ops-common.c:321 mm/damon/ops-common.c:354)\n [ 7831.899140] damon_migrate_pages (mm/damon/ops-common.c:405)\n [...]\n\nAdd a target node validity check in damon_migrate_pages(). The validity\ncheck is stolen from that of do_pages_move(), which is being used for the\nmove_pages() system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39700",
"url": "https://www.suse.com/security/cve/CVE-2025-39700"
},
{
"category": "external",
"summary": "SUSE Bug 1249309 for CVE-2025-39700",
"url": "https://bugzilla.suse.com/1249309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39700"
},
{
"cve": "CVE-2025-39701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: pfr_update: Fix the driver update version check\n\nThe security-version-number check should be used rather\nthan the runtime version check for driver updates.\n\nOtherwise, the firmware update would fail when the update binary had\na lower runtime version number than the current one.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39701",
"url": "https://www.suse.com/security/cve/CVE-2025-39701"
},
{
"category": "external",
"summary": "SUSE Bug 1249308 for CVE-2025-39701",
"url": "https://bugzilla.suse.com/1249308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39701"
},
{
"cve": "CVE-2025-39703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet, hsr: reject HSR frame if skb can\u0027t hold tag\n\nReceiving HSR frame with insufficient space to hold HSR tag in the skb\ncan result in a crash (kernel BUG):\n\n[ 45.390915] skbuff: skb_under_panic: text:ffffffff86f32cac len:26 put:14 head:ffff888042418000 data:ffff888042417ff4 tail:0xe end:0x180 dev:bridge_slave_1\n[ 45.392559] ------------[ cut here ]------------\n[ 45.392912] kernel BUG at net/core/skbuff.c:211!\n[ 45.393276] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI\n[ 45.393809] CPU: 1 UID: 0 PID: 2496 Comm: reproducer Not tainted 6.15.0 #12 PREEMPT(undef)\n[ 45.394433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 45.395273] RIP: 0010:skb_panic+0x15b/0x1d0\n\n\u003csnip registers, remove unreliable trace\u003e\n\n[ 45.402911] Call Trace:\n[ 45.403105] \u003cIRQ\u003e\n[ 45.404470] skb_push+0xcd/0xf0\n[ 45.404726] br_dev_queue_push_xmit+0x7c/0x6c0\n[ 45.406513] br_forward_finish+0x128/0x260\n[ 45.408483] __br_forward+0x42d/0x590\n[ 45.409464] maybe_deliver+0x2eb/0x420\n[ 45.409763] br_flood+0x174/0x4a0\n[ 45.410030] br_handle_frame_finish+0xc7c/0x1bc0\n[ 45.411618] br_handle_frame+0xac3/0x1230\n[ 45.413674] __netif_receive_skb_core.constprop.0+0x808/0x3df0\n[ 45.422966] __netif_receive_skb_one_core+0xb4/0x1f0\n[ 45.424478] __netif_receive_skb+0x22/0x170\n[ 45.424806] process_backlog+0x242/0x6d0\n[ 45.425116] __napi_poll+0xbb/0x630\n[ 45.425394] net_rx_action+0x4d1/0xcc0\n[ 45.427613] handle_softirqs+0x1a4/0x580\n[ 45.427926] do_softirq+0x74/0x90\n[ 45.428196] \u003c/IRQ\u003e\n\nThis issue was found by syzkaller.\n\nThe panic happens in br_dev_queue_push_xmit() once it receives a\ncorrupted skb with ETH header already pushed in linear data. When it\nattempts the skb_push() call, there\u0027s not enough headroom and\nskb_push() panics.\n\nThe corrupted skb is put on the queue by HSR layer, which makes a\nsequence of unintended transformations when it receives a specific\ncorrupted HSR frame (with incomplete TAG).\n\nFix it by dropping and consuming frames that are not long enough to\ncontain both ethernet and hsr headers.\n\nAlternative fix would be to check for enough headroom before skb_push()\nin br_dev_queue_push_xmit().\n\nIn the reproducer, this is injected via AF_PACKET, but I don\u0027t easily\nsee why it couldn\u0027t be sent over the wire from adjacent network.\n\nFurther Details:\n\nIn the reproducer, the following network interface chain is set up:\n\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n| veth0_to_hsr \u251c\u2500\u2500\u2500\u2524 hsr_slave0 \u253c\u2500\u2500\u2500\u2510\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 |\n | \u2500\u2500\u2500\u2500\u2500\u2500\u2510\n \u251c\u2500\u2524 hsr0 \u251c\u2500\u2500\u2500\u2510\n | \u2500\u2500\u2500\u2500\u2500\u2500\u2518 |\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n| veth1_to_hsr \u253c\u2500\u2500\u2500\u2524 hsr_slave1 \u251c\u2500\u2500\u2500\u2518 \u2524 |\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u253c bridge |\n || |\n | \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n |\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 |\n | ... \u251c\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\nTo trigger the events leading up to crash, reproducer sends a corrupted\nHSR fr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39703",
"url": "https://www.suse.com/security/cve/CVE-2025-39703"
},
{
"category": "external",
"summary": "SUSE Bug 1249315 for CVE-2025-39703",
"url": "https://bugzilla.suse.com/1249315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39703"
},
{
"cve": "CVE-2025-39705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix a Null pointer dereference vulnerability\n\n[Why]\nA null pointer dereference vulnerability exists in the AMD display driver\u0027s\n(DC module) cleanup function dc_destruct().\nWhen display control context (dc-\u003ectx) construction fails\n(due to memory allocation failure), this pointer remains NULL.\nDuring subsequent error handling when dc_destruct() is called,\nthere\u0027s no NULL check before dereferencing the perf_trace member\n(dc-\u003ectx-\u003eperf_trace), causing a kernel null pointer dereference crash.\n\n[How]\nCheck if dc-\u003ectx is non-NULL before dereferencing.\n\n(Updated commit text and removed unnecessary error message)\n(cherry picked from commit 9dd8e2ba268c636c240a918e0a31e6feaee19404)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39705",
"url": "https://www.suse.com/security/cve/CVE-2025-39705"
},
{
"category": "external",
"summary": "SUSE Bug 1249295 for CVE-2025-39705",
"url": "https://bugzilla.suse.com/1249295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39705"
},
{
"cve": "CVE-2025-39706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Destroy KFD debugfs after destroy KFD wq\n\nSince KFD proc content was moved to kernel debugfs, we can\u0027t destroy KFD\ndebugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior\nto kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens\nwhen /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but\nkfd_process_destroy_wq calls kfd_debugfs_remove_process. This line\n debugfs_remove_recursive(entry-\u003eproc_dentry);\ntries to remove /sys/kernel/debug/kfd/proc/\u003cpid\u003e while\n/sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel\nNULL pointer.\n\n(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39706",
"url": "https://www.suse.com/security/cve/CVE-2025-39706"
},
{
"category": "external",
"summary": "SUSE Bug 1249413 for CVE-2025-39706",
"url": "https://bugzilla.suse.com/1249413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39706"
},
{
"cve": "CVE-2025-39707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities\n\nHUBBUB structure is not initialized on DCE hardware, so check if it is NULL\nto avoid null dereference while accessing amdgpu_dm_capabilities file in\ndebugfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39707",
"url": "https://www.suse.com/security/cve/CVE-2025-39707"
},
{
"category": "external",
"summary": "SUSE Bug 1249333 for CVE-2025-39707",
"url": "https://bugzilla.suse.com/1249333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39707"
},
{
"cve": "CVE-2025-39709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39709"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: protect against spurious interrupts during probe\n\nMake sure the interrupt handler is initialized before the interrupt is\nregistered.\n\nIf the IRQ is registered before hfi_create(), it\u0027s possible that an\ninterrupt fires before the handler setup is complete, leading to a NULL\ndereference.\n\nThis error condition has been observed during system boot on Rb3Gen2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39709",
"url": "https://www.suse.com/security/cve/CVE-2025-39709"
},
{
"category": "external",
"summary": "SUSE Bug 1249278 for CVE-2025-39709",
"url": "https://bugzilla.suse.com/1249278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39709"
},
{
"cve": "CVE-2025-39710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39710"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: Add a check for packet size after reading from shared memory\n\nAdd a check to ensure that the packet size does not exceed the number of\navailable words after reading the packet header from shared memory. This\nensures that the size provided by the firmware is safe to process and\nprevent potential out-of-bounds memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39710",
"url": "https://www.suse.com/security/cve/CVE-2025-39710"
},
{
"category": "external",
"summary": "SUSE Bug 1249304 for CVE-2025-39710",
"url": "https://bugzilla.suse.com/1249304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39710"
},
{
"cve": "CVE-2025-39711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls\n\nBoth the ACE and CSI driver are missing a mei_cldev_disable() call in\ntheir remove() function.\n\nThis causes the mei_cl client to stay part of the mei_device-\u003efile_list\nlist even though its memory is freed by mei_cl_bus_dev_release() calling\nkfree(cldev-\u003ecl).\n\nThis leads to a use-after-free when mei_vsc_remove() runs mei_stop()\nwhich first removes all mei bus devices calling mei_ace_remove() and\nmei_csi_remove() followed by mei_cl_bus_dev_release() and then calls\nmei_cl_all_disconnect() which walks over mei_device-\u003efile_list dereferecing\nthe just freed cldev-\u003ecl.\n\nAnd mei_vsc_remove() it self is run at shutdown because of the\nplatform_device_unregister(tp-\u003epdev) in vsc_tp_shutdown()\n\nWhen building a kernel with KASAN this leads to the following KASAN report:\n\n[ 106.634504] ==================================================================\n[ 106.634623] BUG: KASAN: slab-use-after-free in mei_cl_set_disconnected (drivers/misc/mei/client.c:783) mei\n[ 106.634683] Read of size 4 at addr ffff88819cb62018 by task systemd-shutdow/1\n[ 106.634729]\n[ 106.634767] Tainted: [E]=UNSIGNED_MODULE\n[ 106.634770] Hardware name: Dell Inc. XPS 16 9640/09CK4V, BIOS 1.12.0 02/10/2025\n[ 106.634773] Call Trace:\n[ 106.634777] \u003cTASK\u003e\n...\n[ 106.634871] kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n[ 106.634901] mei_cl_set_disconnected (drivers/misc/mei/client.c:783) mei\n[ 106.634921] mei_cl_all_disconnect (drivers/misc/mei/client.c:2165 (discriminator 4)) mei\n[ 106.634941] mei_reset (drivers/misc/mei/init.c:163) mei\n...\n[ 106.635042] mei_stop (drivers/misc/mei/init.c:348) mei\n[ 106.635062] mei_vsc_remove (drivers/misc/mei/mei_dev.h:784 drivers/misc/mei/platform-vsc.c:393) mei_vsc\n[ 106.635066] platform_remove (drivers/base/platform.c:1424)\n\nAdd the missing mei_cldev_disable() calls so that the mei_cl gets removed\nfrom mei_device-\u003efile_list before it is freed to fix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39711",
"url": "https://www.suse.com/security/cve/CVE-2025-39711"
},
{
"category": "external",
"summary": "SUSE Bug 1249274 for CVE-2025-39711",
"url": "https://bugzilla.suse.com/1249274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39711"
},
{
"cve": "CVE-2025-39712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39712"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval\n\nGetting / Setting the frame interval using the V4L2 subdev pad ops\nget_frame_interval/set_frame_interval causes a deadlock, as the\nsubdev state is locked in the [1] but also in the driver itself.\n\nIn [2] it\u0027s described that the caller is responsible to acquire and\nrelease the lock in this case. Therefore, acquiring the lock in the\ndriver is wrong.\n\nRemove the lock acquisitions/releases from mt9m114_ifp_get_frame_interval()\nand mt9m114_ifp_set_frame_interval().\n\n[1] drivers/media/v4l2-core/v4l2-subdev.c - line 1129\n[2] Documentation/driver-api/media/v4l2-subdev.rst",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39712",
"url": "https://www.suse.com/security/cve/CVE-2025-39712"
},
{
"category": "external",
"summary": "SUSE Bug 1249269 for CVE-2025-39712",
"url": "https://bugzilla.suse.com/1249269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39712"
},
{
"cve": "CVE-2025-39713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()\n\nIn the interrupt handler rain_interrupt(), the buffer full check on\nrain-\u003ebuf_len is performed before acquiring rain-\u003ebuf_lock. This\ncreates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as\nrain-\u003ebuf_len is concurrently accessed and modified in the work\nhandler rain_irq_work_handler() under the same lock.\n\nMultiple interrupt invocations can race, with each reading buf_len\nbefore it becomes full and then proceeding. This can lead to both\ninterrupts attempting to write to the buffer, incrementing buf_len\nbeyond its capacity (DATA_SIZE) and causing a buffer overflow.\n\nFix this bug by moving the spin_lock() to before the buffer full\ncheck. This ensures that the check and the subsequent buffer modification\nare performed atomically, preventing the race condition. An corresponding\nspin_unlock() is added to the overflow path to correctly release the\nlock.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39713",
"url": "https://www.suse.com/security/cve/CVE-2025-39713"
},
{
"category": "external",
"summary": "SUSE Bug 1249321 for CVE-2025-39713",
"url": "https://bugzilla.suse.com/1249321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39713"
},
{
"cve": "CVE-2025-39714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usbtv: Lock resolution while streaming\n\nWhen an program is streaming (ffplay) and another program (qv4l2)\nchanges the TV standard from NTSC to PAL, the kernel crashes due to trying\nto copy to unmapped memory.\n\nChanging from NTSC to PAL increases the resolution in the usbtv struct,\nbut the video plane buffer isn\u0027t adjusted, so it overflows.\n\n[hverkuil: call vb2_is_busy instead of vb2_is_streaming]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39714",
"url": "https://www.suse.com/security/cve/CVE-2025-39714"
},
{
"category": "external",
"summary": "SUSE Bug 1249273 for CVE-2025-39714",
"url": "https://bugzilla.suse.com/1249273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39714"
},
{
"cve": "CVE-2025-39718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: Validate length in packet header before skb_put()\n\nWhen receiving a vsock packet in the guest, only the virtqueue buffer\nsize is validated prior to virtio_vsock_skb_rx_put(). Unfortunately,\nvirtio_vsock_skb_rx_put() uses the length from the packet header as the\nlength argument to skb_put(), potentially resulting in SKB overflow if\nthe host has gone wonky.\n\nValidate the length as advertised by the packet header before calling\nvirtio_vsock_skb_rx_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39718",
"url": "https://www.suse.com/security/cve/CVE-2025-39718"
},
{
"category": "external",
"summary": "SUSE Bug 1249305 for CVE-2025-39718",
"url": "https://bugzilla.suse.com/1249305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39718"
},
{
"cve": "CVE-2025-39719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: bno055: fix OOB access of hw_xlate array\n\nFix a potential out-of-bounds array access of the hw_xlate array in\nbno055.c.\n\nIn bno055_get_regmask(), hw_xlate was iterated over the length of the\nvals array instead of the length of the hw_xlate array. In the case of\nbno055_gyr_scale, the vals array is larger than the hw_xlate array,\nso this could result in an out-of-bounds access. In practice, this\nshouldn\u0027t happen though because a match should always be found which\nbreaks out of the for loop before it iterates beyond the end of the\nhw_xlate array.\n\nBy adding a new hw_xlate_len field to the bno055_sysfs_attr, we can be\nsure we are iterating over the correct length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39719",
"url": "https://www.suse.com/security/cve/CVE-2025-39719"
},
{
"category": "external",
"summary": "SUSE Bug 1249271 for CVE-2025-39719",
"url": "https://bugzilla.suse.com/1249271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39719"
},
{
"cve": "CVE-2025-39721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - flush misc workqueue during device shutdown\n\nRepeated loading and unloading of a device specific QAT driver, for\nexample qat_4xxx, in a tight loop can lead to a crash due to a\nuse-after-free scenario. This occurs when a power management (PM)\ninterrupt triggers just before the device-specific driver (e.g.,\nqat_4xxx.ko) is unloaded, while the core driver (intel_qat.ko) remains\nloaded.\n\nSince the driver uses a shared workqueue (`qat_misc_wq`) across all\ndevices and owned by intel_qat.ko, a deferred routine from the\ndevice-specific driver may still be pending in the queue. If this\nroutine executes after the driver is unloaded, it can dereference freed\nmemory, resulting in a page fault and kernel crash like the following:\n\n BUG: unable to handle page fault for address: ffa000002e50a01c\n #PF: supervisor read access in kernel mode\n RIP: 0010:pm_bh_handler+0x1d2/0x250 [intel_qat]\n Call Trace:\n pm_bh_handler+0x1d2/0x250 [intel_qat]\n process_one_work+0x171/0x340\n worker_thread+0x277/0x3a0\n kthread+0xf0/0x120\n ret_from_fork+0x2d/0x50\n\nTo prevent this, flush the misc workqueue during device shutdown to\nensure that all pending work items are completed before the driver is\nunloaded.\n\nNote: This approach may slightly increase shutdown latency if the\nworkqueue contains jobs from other devices, but it ensures correctness\nand stability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39721",
"url": "https://www.suse.com/security/cve/CVE-2025-39721"
},
{
"category": "external",
"summary": "SUSE Bug 1249323 for CVE-2025-39721",
"url": "https://bugzilla.suse.com/1249323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39721"
},
{
"cve": "CVE-2025-39722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP\n\nSince the CAAM on these SoCs is managed by another ARM core, called the\nSECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which\nalso reserves access to register page 0 suspend operations cannot touch\nthis page.\n\nThis is similar to when running OPTEE, where OPTEE will reserve page 0.\n\nTrack this situation using a new state variable no_page0, reflecting if\npage 0 is reserved elsewhere, either by other management cores in SoC or\nby OPTEE.\n\nReplace the optee_en check in suspend/resume with the new check.\n\noptee_en cannot go away as it\u0027s needed elsewhere to gate OPTEE specific\nsituations.\n\nFixes the following splat at suspend:\n\n Internal error: synchronous external abort: 0000000096000010 [#1] SMP\n Hardware name: Freescale i.MX8QXP ACU6C (DT)\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : readl+0x0/0x18\n lr : rd_reg32+0x18/0x3c\n sp : ffffffc08192ba20\n x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000\n x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090\n x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010\n x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5\n x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c\n x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001\n x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000\n x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002\n x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000\n x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004\n Call trace:\n readl+0x0/0x18\n caam_ctrl_suspend+0x30/0xdc\n dpm_run_callback.constprop.0+0x24/0x5c\n device_suspend+0x170/0x2e8\n dpm_suspend+0xa0/0x104\n dpm_suspend_start+0x48/0x50\n suspend_devices_and_enter+0x7c/0x45c\n pm_suspend+0x148/0x160\n state_store+0xb4/0xf8\n kobj_attr_store+0x14/0x24\n sysfs_kf_write+0x38/0x48\n kernfs_fop_write_iter+0xb4/0x178\n vfs_write+0x118/0x178\n ksys_write+0x6c/0xd0\n __arm64_sys_write+0x14/0x1c\n invoke_syscall.constprop.0+0x64/0xb0\n do_el0_svc+0x90/0xb0\n el0_svc+0x18/0x44\n el0t_64_sync_handler+0x88/0x124\n el0t_64_sync+0x150/0x154\n Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39722",
"url": "https://www.suse.com/security/cve/CVE-2025-39722"
},
{
"category": "external",
"summary": "SUSE Bug 1249301 for CVE-2025-39722",
"url": "https://bugzilla.suse.com/1249301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39722"
},
{
"cve": "CVE-2025-39723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix unbuffered write error handling\n\nIf all the subrequests in an unbuffered write stream fail, the subrequest\ncollector doesn\u0027t update the stream-\u003etransferred value and it retains its\ninitial LONG_MAX value. Unfortunately, if all active streams fail, then we\ntake the smallest value of { LONG_MAX, LONG_MAX, ... } as the value to set\nin wreq-\u003etransferred - which is then returned from -\u003ewrite_iter().\n\nLONG_MAX was chosen as the initial value so that all the streams can be\nquickly assessed by taking the smallest value of all stream-\u003etransferred -\nbut this only works if we\u0027ve set any of them.\n\nFix this by adding a flag to indicate whether the value in\nstream-\u003etransferred is valid and checking that when we integrate the\nvalues. stream-\u003etransferred can then be initialised to zero.\n\nThis was found by running the generic/750 xfstest against cifs with\ncache=none. It splices data to the target file. Once (if) it has used up\nall the available scratch space, the writes start failing with ENOSPC.\nThis causes -\u003ewrite_iter() to fail. However, it was returning\nwreq-\u003etransferred, i.e. LONG_MAX, rather than an error (because it thought\nthe amount transferred was non-zero) and iter_file_splice_write() would\nthen try to clean up that amount of pipe bufferage - leading to an oops\nwhen it overran. The kernel log showed:\n\n CIFS: VFS: Send error in write = -28\n\nfollowed by:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n\nwith:\n\n RIP: 0010:iter_file_splice_write+0x3a4/0x520\n do_splice+0x197/0x4e0\n\nor:\n\n RIP: 0010:pipe_buf_release (include/linux/pipe_fs_i.h:282)\n iter_file_splice_write (fs/splice.c:755)\n\nAlso put a warning check into splice to announce if -\u003ewrite_iter() returned\nthat it had written more than it was asked to.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39723",
"url": "https://www.suse.com/security/cve/CVE-2025-39723"
},
{
"category": "external",
"summary": "SUSE Bug 1249314 for CVE-2025-39723",
"url": "https://bugzilla.suse.com/1249314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39723"
},
{
"cve": "CVE-2025-39724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: fix panic due to PSLVERR\n\nWhen the PSLVERR_RESP_EN parameter is set to 1, the device generates\nan error response if an attempt is made to read an empty RBR (Receive\nBuffer Register) while the FIFO is enabled.\n\nIn serial8250_do_startup(), calling serial_port_out(port, UART_LCR,\nUART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes\ndw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter\nfunction enables the FIFO via serial_out(p, UART_FCR, p-\u003efcr).\nExecution proceeds to the serial_port_in(port, UART_RX).\nThis satisfies the PSLVERR trigger condition.\n\nWhen another CPU (e.g., using printk()) is accessing the UART (UART\nis busy), the current CPU fails the check (value \u0026 ~UART_LCR_SPAR) ==\n(lcr \u0026 ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter\ndw8250_force_idle().\n\nPut serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port-\u003elock\nto fix this issue.\n\nPanic backtrace:\n[ 0.442336] Oops - unknown exception [#1]\n[ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a\n[ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e\n...\n[ 0.442416] console_on_rootfs+0x26/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39724",
"url": "https://www.suse.com/security/cve/CVE-2025-39724"
},
{
"category": "external",
"summary": "SUSE Bug 1249265 for CVE-2025-39724",
"url": "https://bugzilla.suse.com/1249265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39724"
},
{
"cve": "CVE-2025-39726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: fix concurrency management in ism_cmd()\n\nThe s390x ISM device data sheet clearly states that only one\nrequest-response sequence is allowable per ISM function at any point in\ntime. Unfortunately as of today the s390/ism driver in Linux does not\nhonor that requirement. This patch aims to rectify that.\n\nThis problem was discovered based on Aliaksei\u0027s bug report which states\nthat for certain workloads the ISM functions end up entering error state\n(with PEC 2 as seen from the logs) after a while and as a consequence\nconnections handled by the respective function break, and for future\nconnection requests the ISM device is not considered -- given it is in a\ndysfunctional state. During further debugging PEC 3A was observed as\nwell.\n\nA kernel message like\n[ 1211.244319] zpci: 061a:00:00.0: Event 0x2 reports an error for PCI function 0x61a\nis a reliable indicator of the stated function entering error state\nwith PEC 2. Let me also point out that a kernel message like\n[ 1211.244325] zpci: 061a:00:00.0: The ism driver bound to the device does not support error recovery\nis a reliable indicator that the ISM function won\u0027t be auto-recovered\nbecause the ISM driver currently lacks support for it.\n\nOn a technical level, without this synchronization, commands (inputs to\nthe FW) may be partially or fully overwritten (corrupted) by another CPU\ntrying to issue commands on the same function. There is hard evidence that\nthis can lead to DMB token values being used as DMB IOVAs, leading to\nPEC 2 PCI events indicating invalid DMA. But this is only one of the\nfailure modes imaginable. In theory even completely losing one command\nand executing another one twice and then trying to interpret the outputs\nas if the command we intended to execute was actually executed and not\nthe other one is also possible. Frankly, I don\u0027t feel confident about\nproviding an exhaustive list of possible consequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39726",
"url": "https://www.suse.com/security/cve/CVE-2025-39726"
},
{
"category": "external",
"summary": "SUSE Bug 1249266 for CVE-2025-39726",
"url": "https://bugzilla.suse.com/1249266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39726"
},
{
"cve": "CVE-2025-39727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: fix potential buffer overflow in setup_clusters()\n\nIn setup_swap_map(), we only ensure badpages are in range (0, last_page]. \nAs maxpages might be \u003c last_page, setup_clusters() will encounter a buffer\noverflow when a badpage is \u003e= maxpages.\n\nOnly call inc_cluster_info_page() for badpage which is \u003c maxpages to fix\nthe issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39727",
"url": "https://www.suse.com/security/cve/CVE-2025-39727"
},
{
"category": "external",
"summary": "SUSE Bug 1249297 for CVE-2025-39727",
"url": "https://bugzilla.suse.com/1249297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39727"
},
{
"cve": "CVE-2025-39730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix filehandle bounds checking in nfs_fh_to_dentry()\n\nThe function needs to check the minimal filehandle length before it can\naccess the embedded filehandle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39730",
"url": "https://www.suse.com/security/cve/CVE-2025-39730"
},
{
"category": "external",
"summary": "SUSE Bug 1249296 for CVE-2025-39730",
"url": "https://bugzilla.suse.com/1249296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39730"
},
{
"cve": "CVE-2025-39732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()\n\nath11k_mac_disable_peer_fixed_rate() is passed as the iterator to\nieee80211_iterate_stations_atomic(). Note in this case the iterator is\nrequired to be atomic, however ath11k_mac_disable_peer_fixed_rate() does\nnot follow it as it might sleep. Consequently below warning is seen:\n\nBUG: sleeping function called from invalid context at wmi.c:304\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl\n __might_resched.cold\n ath11k_wmi_cmd_send\n ath11k_wmi_set_peer_param\n ath11k_mac_disable_peer_fixed_rate\n ieee80211_iterate_stations_atomic\n ath11k_mac_op_set_bitrate_mask.cold\n\nChange to ieee80211_iterate_stations_mtx() to fix this issue.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39732",
"url": "https://www.suse.com/security/cve/CVE-2025-39732"
},
{
"category": "external",
"summary": "SUSE Bug 1249292 for CVE-2025-39732",
"url": "https://bugzilla.suse.com/1249292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39732"
},
{
"cve": "CVE-2025-39738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not allow relocation of partially dropped subvolumes\n\n[BUG]\nThere is an internal report that balance triggered transaction abort,\nwith the following call trace:\n\n item 85 key (594509824 169 0) itemoff 12599 itemsize 33\n extent refs 1 gen 197740 flags 2\n ref#0: tree block backref root 7\n item 86 key (594558976 169 0) itemoff 12566 itemsize 33\n extent refs 1 gen 197522 flags 2\n ref#0: tree block backref root 7\n ...\n BTRFS error (device loop0): extent item not found for insert, bytenr 594526208 num_bytes 16384 parent 449921024 root_objectid 934 owner 1 offset 0\n BTRFS error (device loop0): failed to run delayed ref for logical 594526208 num_bytes 16384 type 182 action 1 ref_mod 1: -117\n ------------[ cut here ]------------\n BTRFS: Transaction aborted (error -117)\n WARNING: CPU: 1 PID: 6963 at ../fs/btrfs/extent-tree.c:2168 btrfs_run_delayed_refs+0xfa/0x110 [btrfs]\n\nAnd btrfs check doesn\u0027t report anything wrong related to the extent\ntree.\n\n[CAUSE]\nThe cause is a little complex, firstly the extent tree indeed doesn\u0027t\nhave the backref for 594526208.\n\nThe extent tree only have the following two backrefs around that bytenr\non-disk:\n\n item 65 key (594509824 METADATA_ITEM 0) itemoff 13880 itemsize 33\n refs 1 gen 197740 flags TREE_BLOCK\n tree block skinny level 0\n (176 0x7) tree block backref root CSUM_TREE\n item 66 key (594558976 METADATA_ITEM 0) itemoff 13847 itemsize 33\n refs 1 gen 197522 flags TREE_BLOCK\n tree block skinny level 0\n (176 0x7) tree block backref root CSUM_TREE\n\nBut the such missing backref item is not an corruption on disk, as the\noffending delayed ref belongs to subvolume 934, and that subvolume is\nbeing dropped:\n\n item 0 key (934 ROOT_ITEM 198229) itemoff 15844 itemsize 439\n generation 198229 root_dirid 256 bytenr 10741039104 byte_limit 0 bytes_used 345571328\n last_snapshot 198229 flags 0x1000000000001(RDONLY) refs 0\n drop_progress key (206324 EXTENT_DATA 2711650304) drop_level 2\n level 2 generation_v2 198229\n\nAnd that offending tree block 594526208 is inside the dropped range of\nthat subvolume. That explains why there is no backref item for that\nbytenr and why btrfs check is not reporting anything wrong.\n\nBut this also shows another problem, as btrfs will do all the orphan\nsubvolume cleanup at a read-write mount.\n\nSo half-dropped subvolume should not exist after an RW mount, and\nbalance itself is also exclusive to subvolume cleanup, meaning we\nshouldn\u0027t hit a subvolume half-dropped during relocation.\n\nThe root cause is, there is no orphan item for this subvolume.\nIn fact there are 5 subvolumes from around 2021 that have the same\nproblem.\n\nIt looks like the original report has some older kernels running, and\ncaused those zombie subvolumes.\n\nThankfully upstream commit 8d488a8c7ba2 (\"btrfs: fix subvolume/snapshot\ndeletion not triggered on mount\") has long fixed the bug.\n\n[ENHANCEMENT]\nFor repairing such old fs, btrfs-progs will be enhanced.\n\nConsidering how delayed the problem will show up (at run delayed ref\ntime) and at that time we have to abort transaction already, it is too\nlate.\n\nInstead here we reject any half-dropped subvolume for reloc tree at the\nearliest time, preventing confusion and extra time wasted on debugging\nsimilar bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39738",
"url": "https://www.suse.com/security/cve/CVE-2025-39738"
},
{
"category": "external",
"summary": "SUSE Bug 1249540 for CVE-2025-39738",
"url": "https://bugzilla.suse.com/1249540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39738"
},
{
"cve": "CVE-2025-39739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-qcom: Add SM6115 MDSS compatible\n\nAdd the SM6115 MDSS compatible to clients compatible list, as it also\nneeds that workaround.\nWithout this workaround, for example, QRB4210 RB2 which is based on\nSM4250/SM6115 generates a lot of smmu unhandled context faults during\nboot:\n\narm_smmu_context_fault: 116854 callbacks suppressed\narm-smmu c600000.iommu: Unhandled context fault: fsr=0x402,\niova=0x5c0ec600, fsynr=0x320021, cbfrsynra=0x420, cb=5\narm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420\narm-smmu c600000.iommu: FSYNR0 = 00320021 [S1CBNDX=50 PNU PLVL=1]\narm-smmu c600000.iommu: Unhandled context fault: fsr=0x402,\niova=0x5c0d7800, fsynr=0x320021, cbfrsynra=0x420, cb=5\narm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420\n\nand also failed initialisation of lontium lt9611uxc, gpu and dpu is\nobserved:\n(binding MDSS components triggered by lt9611uxc have failed)\n\n ------------[ cut here ]------------\n !aspace\n WARNING: CPU: 6 PID: 324 at drivers/gpu/drm/msm/msm_gem_vma.c:130 msm_gem_vma_init+0x150/0x18c [msm]\n Modules linked in: ... (long list of modules)\n CPU: 6 UID: 0 PID: 324 Comm: (udev-worker) Not tainted 6.15.0-03037-gaacc73ceeb8b #4 PREEMPT\n Hardware name: Qualcomm Technologies, Inc. QRB4210 RB2 (DT)\n pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : msm_gem_vma_init+0x150/0x18c [msm]\n lr : msm_gem_vma_init+0x150/0x18c [msm]\n sp : ffff80008144b280\n \t\t...\n Call trace:\n msm_gem_vma_init+0x150/0x18c [msm] (P)\n get_vma_locked+0xc0/0x194 [msm]\n msm_gem_get_and_pin_iova_range+0x4c/0xdc [msm]\n msm_gem_kernel_new+0x48/0x160 [msm]\n msm_gpu_init+0x34c/0x53c [msm]\n adreno_gpu_init+0x1b0/0x2d8 [msm]\n a6xx_gpu_init+0x1e8/0x9e0 [msm]\n adreno_bind+0x2b8/0x348 [msm]\n component_bind_all+0x100/0x230\n msm_drm_bind+0x13c/0x3d0 [msm]\n try_to_bring_up_aggregate_device+0x164/0x1d0\n __component_add+0xa4/0x174\n component_add+0x14/0x20\n dsi_dev_attach+0x20/0x34 [msm]\n dsi_host_attach+0x58/0x98 [msm]\n devm_mipi_dsi_attach+0x34/0x90\n lt9611uxc_attach_dsi.isra.0+0x94/0x124 [lontium_lt9611uxc]\n lt9611uxc_probe+0x540/0x5fc [lontium_lt9611uxc]\n i2c_device_probe+0x148/0x2a8\n really_probe+0xbc/0x2c0\n __driver_probe_device+0x78/0x120\n driver_probe_device+0x3c/0x154\n __driver_attach+0x90/0x1a0\n bus_for_each_dev+0x68/0xb8\n driver_attach+0x24/0x30\n bus_add_driver+0xe4/0x208\n driver_register+0x68/0x124\n i2c_register_driver+0x48/0xcc\n lt9611uxc_driver_init+0x20/0x1000 [lontium_lt9611uxc]\n do_one_initcall+0x60/0x1d4\n do_init_module+0x54/0x1fc\n load_module+0x1748/0x1c8c\n init_module_from_file+0x74/0xa0\n __arm64_sys_finit_module+0x130/0x2f8\n invoke_syscall+0x48/0x104\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x2c/0x80\n el0t_64_sync_handler+0x10c/0x138\n el0t_64_sync+0x198/0x19c\n ---[ end trace 0000000000000000 ]---\n msm_dpu 5e01000.display-controller: [drm:msm_gpu_init [msm]] *ERROR* could not allocate memptrs: -22\n msm_dpu 5e01000.display-controller: failed to load adreno gpu\n platform a400000.remoteproc:glink-edge:apr:service@7:dais: Adding to iommu group 19\n msm_dpu 5e01000.display-controller: failed to bind 5900000.gpu (ops a3xx_ops [msm]): -22\n msm_dpu 5e01000.display-controller: adev bind failed: -22\n lt9611uxc 0-002b: failed to attach dsi to host\n lt9611uxc 0-002b: probe with driver lt9611uxc failed with error -22",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39739",
"url": "https://www.suse.com/security/cve/CVE-2025-39739"
},
{
"category": "external",
"summary": "SUSE Bug 1249542 for CVE-2025-39739",
"url": "https://bugzilla.suse.com/1249542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39739"
},
{
"cve": "CVE-2025-39742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()\n\nThe function divides number of online CPUs by num_core_siblings, and\nlater checks the divider by zero. This implies a possibility to get\nand divide-by-zero runtime error. Fix it by moving the check prior to\ndivision. This also helps to save one indentation level.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39742",
"url": "https://www.suse.com/security/cve/CVE-2025-39742"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1249479 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1249479"
},
{
"category": "external",
"summary": "SUSE Bug 1249480 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1249480"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39742"
},
{
"cve": "CVE-2025-39744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Fix rcu_read_unlock() deadloop due to IRQ work\n\nDuring rcu_read_unlock_special(), if this happens during irq_exit(), we\ncan lockup if an IPI is issued. This is because the IPI itself triggers\nthe irq_exit() path causing a recursive lock up.\n\nThis is precisely what Xiongfeng found when invoking a BPF program on\nthe trace_tick_stop() tracepoint As shown in the trace below. Fix by\nmanaging the irq_work state correctly.\n\nirq_exit()\n __irq_exit_rcu()\n /* in_hardirq() returns false after this */\n preempt_count_sub(HARDIRQ_OFFSET)\n tick_irq_exit()\n tick_nohz_irq_exit()\n\t tick_nohz_stop_sched_tick()\n\t trace_tick_stop() /* a bpf prog is hooked on this trace point */\n\t\t __bpf_trace_tick_stop()\n\t\t bpf_trace_run2()\n\t\t\t rcu_read_unlock_special()\n /* will send a IPI to itself */\n\t\t\t irq_work_queue_on(\u0026rdp-\u003edefer_qs_iw, rdp-\u003ecpu);\n\nA simple reproducer can also be obtained by doing the following in\ntick_irq_exit(). It will hang on boot without the patch:\n\n static inline void tick_irq_exit(void)\n {\n +\trcu_read_lock();\n +\tWRITE_ONCE(current-\u003ercu_read_unlock_special.b.need_qs, true);\n +\trcu_read_unlock();\n +\n\n[neeraj: Apply Frederic\u0027s suggested fix for PREEMPT_RT]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39744",
"url": "https://www.suse.com/security/cve/CVE-2025-39744"
},
{
"category": "external",
"summary": "SUSE Bug 1249494 for CVE-2025-39744",
"url": "https://bugzilla.suse.com/1249494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39744"
},
{
"cve": "CVE-2025-39746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39746"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: shutdown driver when hardware is unreliable\n\nIn rare cases, ath10k may lose connection with the PCIe bus due to\nsome unknown reasons, which could further lead to system crashes during\nresuming due to watchdog timeout:\n\nath10k_pci 0000:01:00.0: wmi command 20486 timeout, restarting hardware\nath10k_pci 0000:01:00.0: already restarting\nath10k_pci 0000:01:00.0: failed to stop WMI vdev 0: -11\nath10k_pci 0000:01:00.0: failed to stop vdev 0: -11\nieee80211 phy0: PM: **** DPM device timeout ****\nCall Trace:\n panic+0x125/0x315\n dpm_watchdog_set+0x54/0x54\n dpm_watchdog_handler+0x57/0x57\n call_timer_fn+0x31/0x13c\n\nAt this point, all WMI commands will timeout and attempt to restart\ndevice. So set a threshold for consecutive restart failures. If the\nthreshold is exceeded, consider the hardware is unreliable and all\nath10k operations should be skipped to avoid system crash.\n\nfail_cont_count and pending_recovery are atomic variables, and\ndo not involve complex conditional logic. Therefore, even if recovery\ncheck and reconfig complete are executed concurrently, the recovery\nmechanism will not be broken.\n\nTested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39746",
"url": "https://www.suse.com/security/cve/CVE-2025-39746"
},
{
"category": "external",
"summary": "SUSE Bug 1249516 for CVE-2025-39746",
"url": "https://bugzilla.suse.com/1249516"
},
{
"category": "external",
"summary": "SUSE Bug 1249517 for CVE-2025-39746",
"url": "https://bugzilla.suse.com/1249517"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39746"
},
{
"cve": "CVE-2025-39747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Add error handling for krealloc in metadata setup\n\nFunction msm_ioctl_gem_info_set_metadata() now checks for krealloc\nfailure and returns -ENOMEM, avoiding potential NULL pointer dereference.\nExplicitly avoids __GFP_NOFAIL due to deadlock risks and allocation constraints.\n\nPatchwork: https://patchwork.freedesktop.org/patch/661235/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39747",
"url": "https://www.suse.com/security/cve/CVE-2025-39747"
},
{
"category": "external",
"summary": "SUSE Bug 1249566 for CVE-2025-39747",
"url": "https://bugzilla.suse.com/1249566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39747"
},
{
"cve": "CVE-2025-39748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39748"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Forget ranges when refining tnum after JSET\n\nSyzbot reported a kernel warning due to a range invariant violation on\nthe following BPF program.\n\n 0: call bpf_get_netns_cookie\n 1: if r0 == 0 goto \u003cexit\u003e\n 2: if r0 \u0026 Oxffffffff goto \u003cexit\u003e\n\nThe issue is on the path where we fall through both jumps.\n\nThat path is unreachable at runtime: after insn 1, we know r0 != 0, but\nwith the sign extension on the jset, we would only fallthrough insn 2\nif r0 == 0. Unfortunately, is_branch_taken() isn\u0027t currently able to\nfigure this out, so the verifier walks all branches. The verifier then\nrefines the register bounds using the second condition and we end\nup with inconsistent bounds on this unreachable path:\n\n 1: if r0 == 0 goto \u003cexit\u003e\n r0: u64=[0x1, 0xffffffffffffffff] var_off=(0, 0xffffffffffffffff)\n 2: if r0 \u0026 0xffffffff goto \u003cexit\u003e\n r0 before reg_bounds_sync: u64=[0x1, 0xffffffffffffffff] var_off=(0, 0)\n r0 after reg_bounds_sync: u64=[0x1, 0] var_off=(0, 0)\n\nImproving the range refinement for JSET to cover all cases is tricky. We\nalso don\u0027t expect many users to rely on JSET given LLVM doesn\u0027t generate\nthose instructions. So instead of improving the range refinement for\nJSETs, Eduard suggested we forget the ranges whenever we\u0027re narrowing\ntnums after a JSET. This patch implements that approach.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39748",
"url": "https://www.suse.com/security/cve/CVE-2025-39748"
},
{
"category": "external",
"summary": "SUSE Bug 1249587 for CVE-2025-39748",
"url": "https://bugzilla.suse.com/1249587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39748"
},
{
"cve": "CVE-2025-39749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Protect -\u003edefer_qs_iw_pending from data race\n\nOn kernels built with CONFIG_IRQ_WORK=y, when rcu_read_unlock() is\ninvoked within an interrupts-disabled region of code [1], it will invoke\nrcu_read_unlock_special(), which uses an irq-work handler to force the\nsystem to notice when the RCU read-side critical section actually ends.\nThat end won\u0027t happen until interrupts are enabled at the soonest.\n\nIn some kernels, such as those booted with rcutree.use_softirq=y, the\nirq-work handler is used unconditionally.\n\nThe per-CPU rcu_data structure\u0027s -\u003edefer_qs_iw_pending field is\nupdated by the irq-work handler and is both read and updated by\nrcu_read_unlock_special(). This resulted in the following KCSAN splat:\n\n------------------------------------------------------------------------\n\nBUG: KCSAN: data-race in rcu_preempt_deferred_qs_handler / rcu_read_unlock_special\n\nread to 0xffff96b95f42d8d8 of 1 bytes by task 90 on cpu 8:\n rcu_read_unlock_special+0x175/0x260\n __rcu_read_unlock+0x92/0xa0\n rt_spin_unlock+0x9b/0xc0\n __local_bh_enable+0x10d/0x170\n __local_bh_enable_ip+0xfb/0x150\n rcu_do_batch+0x595/0xc40\n rcu_cpu_kthread+0x4e9/0x830\n smpboot_thread_fn+0x24d/0x3b0\n kthread+0x3bd/0x410\n ret_from_fork+0x35/0x40\n ret_from_fork_asm+0x1a/0x30\n\nwrite to 0xffff96b95f42d8d8 of 1 bytes by task 88 on cpu 8:\n rcu_preempt_deferred_qs_handler+0x1e/0x30\n irq_work_single+0xaf/0x160\n run_irq_workd+0x91/0xc0\n smpboot_thread_fn+0x24d/0x3b0\n kthread+0x3bd/0x410\n ret_from_fork+0x35/0x40\n ret_from_fork_asm+0x1a/0x30\n\nno locks held by irq_work/8/88.\nirq event stamp: 200272\nhardirqs last enabled at (200272): [\u003cffffffffb0f56121\u003e] finish_task_switch+0x131/0x320\nhardirqs last disabled at (200271): [\u003cffffffffb25c7859\u003e] __schedule+0x129/0xd70\nsoftirqs last enabled at (0): [\u003cffffffffb0ee093f\u003e] copy_process+0x4df/0x1cc0\nsoftirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n\n------------------------------------------------------------------------\n\nThe problem is that irq-work handlers run with interrupts enabled, which\nmeans that rcu_preempt_deferred_qs_handler() could be interrupted,\nand that interrupt handler might contain an RCU read-side critical\nsection, which might invoke rcu_read_unlock_special(). In the strict\nKCSAN mode of operation used by RCU, this constitutes a data race on\nthe -\u003edefer_qs_iw_pending field.\n\nThis commit therefore disables interrupts across the portion of the\nrcu_preempt_deferred_qs_handler() that updates the -\u003edefer_qs_iw_pending\nfield. This suffices because this handler is not a fast path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39749",
"url": "https://www.suse.com/security/cve/CVE-2025-39749"
},
{
"category": "external",
"summary": "SUSE Bug 1249533 for CVE-2025-39749",
"url": "https://bugzilla.suse.com/1249533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39749"
},
{
"cve": "CVE-2025-39750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Correct tid cleanup when tid setup fails\n\nCurrently, if any error occurs during ath12k_dp_rx_peer_tid_setup(),\nthe tid value is already incremented, even though the corresponding\nTID is not actually allocated. Proceed to\nath12k_dp_rx_peer_tid_delete() starting from unallocated tid,\nwhich might leads to freeing unallocated TID and cause potential\ncrash or out-of-bounds access.\n\nHence, fix by correctly decrementing tid before cleanup to match only\nthe successfully allocated TIDs.\n\nAlso, remove tid-- from failure case of ath12k_dp_rx_peer_frag_setup(),\nas decrementing the tid before cleanup in loop will take care of this.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39750",
"url": "https://www.suse.com/security/cve/CVE-2025-39750"
},
{
"category": "external",
"summary": "SUSE Bug 1249523 for CVE-2025-39750",
"url": "https://bugzilla.suse.com/1249523"
},
{
"category": "external",
"summary": "SUSE Bug 1252715 for CVE-2025-39750",
"url": "https://bugzilla.suse.com/1252715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39750"
},
{
"cve": "CVE-2025-39751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39751"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39751",
"url": "https://www.suse.com/security/cve/CVE-2025-39751"
},
{
"category": "external",
"summary": "SUSE Bug 1249538 for CVE-2025-39751",
"url": "https://bugzilla.suse.com/1249538"
},
{
"category": "external",
"summary": "SUSE Bug 1249539 for CVE-2025-39751",
"url": "https://bugzilla.suse.com/1249539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39751"
},
{
"cve": "CVE-2025-39754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/smaps: fix race between smaps_hugetlb_range and migration\n\nsmaps_hugetlb_range() handles the pte without holdling ptl, and may be\nconcurrenct with migration, leaing to BUG_ON in pfn_swap_entry_to_page(). \nThe race is as follows.\n\nsmaps_hugetlb_range migrate_pages\n huge_ptep_get\n remove_migration_ptes\n\t\t\t\t folio_unlock\n pfn_swap_entry_folio\n BUG_ON\n\nTo fix it, hold ptl lock in smaps_hugetlb_range().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39754",
"url": "https://www.suse.com/security/cve/CVE-2025-39754"
},
{
"category": "external",
"summary": "SUSE Bug 1249524 for CVE-2025-39754",
"url": "https://bugzilla.suse.com/1249524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39754"
},
{
"cve": "CVE-2025-39757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39757"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 cluster segment descriptors\n\nUAC3 class segment descriptors need to be verified whether their sizes\nmatch with the declared lengths and whether they fit with the\nallocated buffer sizes, too. Otherwise malicious firmware may lead to\nthe unexpected OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39757",
"url": "https://www.suse.com/security/cve/CVE-2025-39757"
},
{
"category": "external",
"summary": "SUSE Bug 1249515 for CVE-2025-39757",
"url": "https://bugzilla.suse.com/1249515"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39757"
},
{
"cve": "CVE-2025-39758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages\n\nEver since commit c2ff29e99a76 (\"siw: Inline do_tcp_sendpages()\"),\nwe have been doing this:\n\nstatic int siw_tcp_sendpages(struct socket *s, struct page **page, int offset,\n size_t size)\n[...]\n /* Calculate the number of bytes we need to push, for this page\n * specifically */\n size_t bytes = min_t(size_t, PAGE_SIZE - offset, size);\n /* If we can\u0027t splice it, then copy it in, as normal */\n if (!sendpage_ok(page[i]))\n msg.msg_flags \u0026= ~MSG_SPLICE_PAGES;\n /* Set the bvec pointing to the page, with len $bytes */\n bvec_set_page(\u0026bvec, page[i], bytes, offset);\n /* Set the iter to $size, aka the size of the whole sendpages (!!!) */\n iov_iter_bvec(\u0026msg.msg_iter, ITER_SOURCE, \u0026bvec, 1, size);\ntry_page_again:\n lock_sock(sk);\n /* Sendmsg with $size size (!!!) */\n rv = tcp_sendmsg_locked(sk, \u0026msg, size);\n\nThis means we\u0027ve been sending oversized iov_iters and tcp_sendmsg calls\nfor a while. This has a been a benign bug because sendpage_ok() always\nreturned true. With the recent slab allocator changes being slowly\nintroduced into next (that disallow sendpage on large kmalloc\nallocations), we have recently hit out-of-bounds crashes, due to slight\ndifferences in iov_iter behavior between the MSG_SPLICE_PAGES and\n\"regular\" copy paths:\n\n(MSG_SPLICE_PAGES)\nskb_splice_from_iter\n iov_iter_extract_pages\n iov_iter_extract_bvec_pages\n uses i-\u003enr_segs to correctly stop in its tracks before OoB\u0027ing everywhere\n skb_splice_from_iter gets a \"short\" read\n\n(!MSG_SPLICE_PAGES)\nskb_copy_to_page_nocache copy=iov_iter_count\n [...]\n copy_from_iter\n /* this doesn\u0027t help */\n if (unlikely(iter-\u003ecount \u003c len))\n len = iter-\u003ecount;\n iterate_bvec\n ... and we run off the bvecs\n\nFix this by properly setting the iov_iter\u0027s byte count, plus sending the\ncorrect byte count to tcp_sendmsg_locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39758",
"url": "https://www.suse.com/security/cve/CVE-2025-39758"
},
{
"category": "external",
"summary": "SUSE Bug 1249490 for CVE-2025-39758",
"url": "https://bugzilla.suse.com/1249490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39758"
},
{
"cve": "CVE-2025-39759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix race between quota disable and quota rescan ioctl\n\nThere\u0027s a race between a task disabling quotas and another running the\nrescan ioctl that can result in a use-after-free of qgroup records from\nthe fs_info-\u003eqgroup_tree rbtree.\n\nThis happens as follows:\n\n1) Task A enters btrfs_ioctl_quota_rescan() -\u003e btrfs_qgroup_rescan();\n\n2) Task B enters btrfs_quota_disable() and calls\n btrfs_qgroup_wait_for_completion(), which does nothing because at that\n point fs_info-\u003eqgroup_rescan_running is false (it wasn\u0027t set yet by\n task A);\n\n3) Task B calls btrfs_free_qgroup_config() which starts freeing qgroups\n from fs_info-\u003eqgroup_tree without taking the lock fs_info-\u003eqgroup_lock;\n\n4) Task A enters qgroup_rescan_zero_tracking() which starts iterating\n the fs_info-\u003eqgroup_tree tree while holding fs_info-\u003eqgroup_lock,\n but task B is freeing qgroup records from that tree without holding\n the lock, resulting in a use-after-free.\n\nFix this by taking fs_info-\u003eqgroup_lock at btrfs_free_qgroup_config().\nAlso at btrfs_qgroup_rescan() don\u0027t start the rescan worker if quotas\nwere already disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39759",
"url": "https://www.suse.com/security/cve/CVE-2025-39759"
},
{
"category": "external",
"summary": "SUSE Bug 1249522 for CVE-2025-39759",
"url": "https://bugzilla.suse.com/1249522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39759"
},
{
"cve": "CVE-2025-39760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: core: config: Prevent OOB read in SS endpoint companion parsing\n\nusb_parse_ss_endpoint_companion() checks descriptor type before length,\nenabling a potentially odd read outside of the buffer size.\n\nFix this up by checking the size first before looking at any of the\nfields in the descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39760",
"url": "https://www.suse.com/security/cve/CVE-2025-39760"
},
{
"category": "external",
"summary": "SUSE Bug 1249598 for CVE-2025-39760",
"url": "https://bugzilla.suse.com/1249598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39760"
},
{
"cve": "CVE-2025-39761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Decrement TID on RX peer frag setup error handling\n\nCurrently, TID is not decremented before peer cleanup, during error\nhandling path of ath12k_dp_rx_peer_frag_setup(). This could lead to\nout-of-bounds access in peer-\u003erx_tid[].\n\nHence, add a decrement operation for TID, before peer cleanup to\nensures proper cleanup and prevents out-of-bounds access issues when\nthe RX peer frag setup fails.\n\nFound during code review. Compile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39761",
"url": "https://www.suse.com/security/cve/CVE-2025-39761"
},
{
"category": "external",
"summary": "SUSE Bug 1249554 for CVE-2025-39761",
"url": "https://bugzilla.suse.com/1249554"
},
{
"category": "external",
"summary": "SUSE Bug 1249555 for CVE-2025-39761",
"url": "https://bugzilla.suse.com/1249555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39761"
},
{
"cve": "CVE-2025-39763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered\n\nIf a synchronous error is detected as a result of user-space process\ntriggering a 2-bit uncorrected error, the CPU will take a synchronous\nerror exception such as Synchronous External Abort (SEA) on Arm64. The\nkernel will queue a memory_failure() work which poisons the related\npage, unmaps the page, and then sends a SIGBUS to the process, so that\na system wide panic can be avoided.\n\nHowever, no memory_failure() work will be queued when abnormal\nsynchronous errors occur. These errors can include situations like\ninvalid PA, unexpected severity, no memory failure config support,\ninvalid GUID section, etc. In such a case, the user-space process will\ntrigger SEA again. This loop can potentially exceed the platform\nfirmware threshold or even trigger a kernel hard lockup, leading to a\nsystem reboot.\n\nFix it by performing a force kill if no memory_failure() work is queued\nfor synchronous errors.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39763",
"url": "https://www.suse.com/security/cve/CVE-2025-39763"
},
{
"category": "external",
"summary": "SUSE Bug 1249615 for CVE-2025-39763",
"url": "https://bugzilla.suse.com/1249615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39763"
},
{
"cve": "CVE-2025-39764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: remove refcounting in expectation dumpers\n\nSame pattern as previous patch: do not keep the expectation object\nalive via refcount, only store a cookie value and then use that\nas the skip hint for dump resumption.\n\nAFAICS this has the same issue as the one resolved in the conntrack\ndumper, when we do\n if (!refcount_inc_not_zero(\u0026exp-\u003euse))\n\nto increment the refcount, there is a chance that exp == last, which\ncauses a double-increment of the refcount and subsequent memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39764",
"url": "https://www.suse.com/security/cve/CVE-2025-39764"
},
{
"category": "external",
"summary": "SUSE Bug 1249513 for CVE-2025-39764",
"url": "https://bugzilla.suse.com/1249513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39764"
},
{
"cve": "CVE-2025-39765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: fix ida_free call while not allocated\n\nIn the snd_utimer_create() function, if the kasprintf() function return\nNULL, snd_utimer_put_id() will be called, finally use ida_free()\nto free the unallocated id 0.\n\nthe syzkaller reported the following information:\n ------------[ cut here ]------------\n ida_free called for id=0 which is not allocated.\n WARNING: CPU: 1 PID: 1286 at lib/idr.c:592 ida_free+0x1fd/0x2f0 lib/idr.c:592\n Modules linked in:\n CPU: 1 UID: 0 PID: 1286 Comm: syz-executor164 Not tainted 6.15.8 #3 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\n RIP: 0010:ida_free+0x1fd/0x2f0 lib/idr.c:592\n Code: f8 fc 41 83 fc 3e 76 69 e8 70 b2 f8 (...)\n RSP: 0018:ffffc900007f79c8 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: 1ffff920000fef3b RCX: ffffffff872176a5\n RDX: ffff88800369d200 RSI: 0000000000000000 RDI: ffff88800369d200\n RBP: 0000000000000000 R08: ffffffff87ba60a5 R09: 0000000000000000\n R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\n R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000\n FS: 00007f6f1abc1740(0000) GS:ffff8880d76a0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6f1ad7a784 CR3: 000000007a6e2000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n snd_utimer_put_id sound/core/timer.c:2043 [inline] [snd_timer]\n snd_utimer_create+0x59b/0x6a0 sound/core/timer.c:2184 [snd_timer]\n snd_utimer_ioctl_create sound/core/timer.c:2202 [inline] [snd_timer]\n __snd_timer_user_ioctl.isra.0+0x724/0x1340 sound/core/timer.c:2287 [snd_timer]\n snd_timer_user_ioctl+0x75/0xc0 sound/core/timer.c:2298 [snd_timer]\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x198/0x200 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x7b/0x160 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nThe utimer-\u003eid should be set properly before the kasprintf() function,\nensures the snd_utimer_put_id() function will free the allocated id.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39765",
"url": "https://www.suse.com/security/cve/CVE-2025-39765"
},
{
"category": "external",
"summary": "SUSE Bug 1249509 for CVE-2025-39765",
"url": "https://bugzilla.suse.com/1249509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39765"
},
{
"cve": "CVE-2025-39766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit\n\nThe following setup can trigger a WARNING in htb_activate due to\nthe condition: !cl-\u003eleaf.q-\u003eq.qlen\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 \\\n htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle f: \\\n cake memlimit 1b\nping -I lo -f -c1 -s64 -W0.001 127.0.0.1\n\nThis is because the low memlimit leads to a low buffer_limit, which\ncauses packet dropping. However, cake_enqueue still returns\nNET_XMIT_SUCCESS, causing htb_enqueue to call htb_activate with an\nempty child qdisc. We should return NET_XMIT_CN when packets are\ndropped from the same tin and flow.\n\nI do not believe return value of NET_XMIT_CN is necessary for packet\ndrops in the case of ack filtering, as that is meant to optimize\nperformance, not to signal congestion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39766",
"url": "https://www.suse.com/security/cve/CVE-2025-39766"
},
{
"category": "external",
"summary": "SUSE Bug 1249510 for CVE-2025-39766",
"url": "https://bugzilla.suse.com/1249510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39766"
},
{
"cve": "CVE-2025-39770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM\n\nWhen performing Generic Segmentation Offload (GSO) on an IPv6 packet that\ncontains extension headers, the kernel incorrectly requests checksum offload\nif the egress device only advertises NETIF_F_IPV6_CSUM feature, which has\na strict contract: it supports checksum offload only for plain TCP or UDP\nover IPv6 and explicitly does not support packets with extension headers.\nThe current GSO logic violates this contract by failing to disable the feature\nfor packets with extension headers, such as those used in GREoIPv6 tunnels.\n\nThis violation results in the device being asked to perform an operation\nit cannot support, leading to a `skb_warn_bad_offload` warning and a collapse\nof network throughput. While device TSO/USO is correctly bypassed in favor\nof software GSO for these packets, the GSO stack must be explicitly told not\nto request checksum offload.\n\nMask NETIF_F_IPV6_CSUM, NETIF_F_TSO6 and NETIF_F_GSO_UDP_L4\nin gso_features_check if the IPv6 header contains extension headers to compute\nchecksum in software.\n\nThe exception is a BIG TCP extension, which, as stated in commit\n68e068cabd2c6c53 (\"net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets\"):\n\"The feature is only enabled on devices that support BIG TCP TSO.\nThe header is only present for PF_PACKET taps like tcpdump,\nand not transmitted by physical devices.\"\n\nkernel log output (truncated):\nWARNING: CPU: 1 PID: 5273 at net/core/dev.c:3535 skb_warn_bad_offload+0x81/0x140\n...\nCall Trace:\n \u003cTASK\u003e\n skb_checksum_help+0x12a/0x1f0\n validate_xmit_skb+0x1a3/0x2d0\n validate_xmit_skb_list+0x4f/0x80\n sch_direct_xmit+0x1a2/0x380\n __dev_xmit_skb+0x242/0x670\n __dev_queue_xmit+0x3fc/0x7f0\n ip6_finish_output2+0x25e/0x5d0\n ip6_finish_output+0x1fc/0x3f0\n ip6_tnl_xmit+0x608/0xc00 [ip6_tunnel]\n ip6gre_tunnel_xmit+0x1c0/0x390 [ip6_gre]\n dev_hard_start_xmit+0x63/0x1c0\n __dev_queue_xmit+0x6d0/0x7f0\n ip6_finish_output2+0x214/0x5d0\n ip6_finish_output+0x1fc/0x3f0\n ip6_xmit+0x2ca/0x6f0\n ip6_finish_output+0x1fc/0x3f0\n ip6_xmit+0x2ca/0x6f0\n inet6_csk_xmit+0xeb/0x150\n __tcp_transmit_skb+0x555/0xa80\n tcp_write_xmit+0x32a/0xe90\n tcp_sendmsg_locked+0x437/0x1110\n tcp_sendmsg+0x2f/0x50\n...\nskb linear: 00000000: e4 3d 1a 7d ec 30 e4 3d 1a 7e 5d 90 86 dd 60 0e\nskb linear: 00000010: 00 0a 1b 34 3c 40 20 11 00 00 00 00 00 00 00 00\nskb linear: 00000020: 00 00 00 00 00 12 20 11 00 00 00 00 00 00 00 00\nskb linear: 00000030: 00 00 00 00 00 11 2f 00 04 01 04 01 01 00 00 00\nskb linear: 00000040: 86 dd 60 0e 00 0a 1b 00 06 40 20 23 00 00 00 00\nskb linear: 00000050: 00 00 00 00 00 00 00 00 00 12 20 23 00 00 00 00\nskb linear: 00000060: 00 00 00 00 00 00 00 00 00 11 bf 96 14 51 13 f9\nskb linear: 00000070: ae 27 a0 a8 2b e3 80 18 00 40 5b 6f 00 00 01 01\nskb linear: 00000080: 08 0a 42 d4 50 d5 4b 70 f8 1a",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39770",
"url": "https://www.suse.com/security/cve/CVE-2025-39770"
},
{
"category": "external",
"summary": "SUSE Bug 1249508 for CVE-2025-39770",
"url": "https://bugzilla.suse.com/1249508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39770"
},
{
"cve": "CVE-2025-39772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hisilicon/hibmc: fix the hibmc loaded failed bug\n\nWhen hibmc loaded failed, the driver use hibmc_unload to free the\nresource, but the mutexes in mode.config are not init, which will\naccess an NULL pointer. Just change goto statement to return, because\nhibnc_hw_init() doesn\u0027t need to free anything.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39772",
"url": "https://www.suse.com/security/cve/CVE-2025-39772"
},
{
"category": "external",
"summary": "SUSE Bug 1249506 for CVE-2025-39772",
"url": "https://bugzilla.suse.com/1249506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39772"
},
{
"cve": "CVE-2025-39773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix soft lockup in br_multicast_query_expired()\n\nWhen set multicast_query_interval to a large value, the local variable\n\u0027time\u0027 in br_multicast_send_query() may overflow. If the time is smaller\nthan jiffies, the timer will expire immediately, and then call mod_timer()\nagain, which creates a loop and may trigger the following soft lockup\nissue.\n\n watchdog: BUG: soft lockup - CPU#1 stuck for 221s! [rb_consumer:66]\n CPU: 1 UID: 0 PID: 66 Comm: rb_consumer Not tainted 6.16.0+ #259 PREEMPT(none)\n Call Trace:\n \u003cIRQ\u003e\n __netdev_alloc_skb+0x2e/0x3a0\n br_ip6_multicast_alloc_query+0x212/0x1b70\n __br_multicast_send_query+0x376/0xac0\n br_multicast_send_query+0x299/0x510\n br_multicast_query_expired.constprop.0+0x16d/0x1b0\n call_timer_fn+0x3b/0x2a0\n __run_timers+0x619/0x950\n run_timer_softirq+0x11c/0x220\n handle_softirqs+0x18e/0x560\n __irq_exit_rcu+0x158/0x1a0\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n\nThis issue can be reproduced with:\n ip link add br0 type bridge\n echo 1 \u003e /sys/class/net/br0/bridge/multicast_querier\n echo 0xffffffffffffffff \u003e\n \t/sys/class/net/br0/bridge/multicast_query_interval\n ip link set dev br0 up\n\nThe multicast_startup_query_interval can also cause this issue. Similar to\nthe commit 99b40610956a (\"net: bridge: mcast: add and enforce query\ninterval minimum\"), add check for the query interval maximum to fix this\nissue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39773",
"url": "https://www.suse.com/security/cve/CVE-2025-39773"
},
{
"category": "external",
"summary": "SUSE Bug 1249504 for CVE-2025-39773",
"url": "https://bugzilla.suse.com/1249504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39773"
},
{
"cve": "CVE-2025-39775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mremap: fix WARN with uffd that has remap events disabled\n\nRegistering userfaultd on a VMA that spans at least one PMD and then\nmremap()\u0027ing that VMA can trigger a WARN when recovering from a failed\npage table move due to a page table allocation error.\n\nThe code ends up doing the right thing (recurse, avoiding moving actual\npage tables), but triggering that WARN is unpleasant:\n\nWARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_normal_pmd mm/mremap.c:357 [inline]\nWARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_pgt_entry mm/mremap.c:595 [inline]\nWARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_page_tables+0x3832/0x44a0 mm/mremap.c:852\nModules linked in:\nCPU: 2 UID: 0 PID: 6133 Comm: syz.0.19 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:move_normal_pmd mm/mremap.c:357 [inline]\nRIP: 0010:move_pgt_entry mm/mremap.c:595 [inline]\nRIP: 0010:move_page_tables+0x3832/0x44a0 mm/mremap.c:852\nCode: ...\nRSP: 0018:ffffc900037a76d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000032930007 RCX: ffffffff820c6645\nRDX: ffff88802e56a440 RSI: ffffffff820c7201 RDI: 0000000000000007\nRBP: ffff888037728fc0 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000032930007 R11: 0000000000000000 R12: 0000000000000000\nR13: ffffc900037a79a8 R14: 0000000000000001 R15: dffffc0000000000\nFS: 000055556316a500(0000) GS:ffff8880d68bc000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b30863fff CR3: 0000000050171000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n copy_vma_and_data+0x468/0x790 mm/mremap.c:1215\n move_vma+0x548/0x1780 mm/mremap.c:1282\n mremap_to+0x1b7/0x450 mm/mremap.c:1406\n do_mremap+0xfad/0x1f80 mm/mremap.c:1921\n __do_sys_mremap+0x119/0x170 mm/mremap.c:1977\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f00d0b8ebe9\nCode: ...\nRSP: 002b:00007ffe5ea5ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000019\nRAX: ffffffffffffffda RBX: 00007f00d0db5fa0 RCX: 00007f00d0b8ebe9\nRDX: 0000000000400000 RSI: 0000000000c00000 RDI: 0000200000000000\nRBP: 00007ffe5ea5eef0 R08: 0000200000c00000 R09: 0000000000000000\nR10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002\nR13: 00007f00d0db5fa0 R14: 00007f00d0db5fa0 R15: 0000000000000005\n \u003c/TASK\u003e\n\nThe underlying issue is that we recurse during the original page table\nmove, but not during the recovery move.\n\nFix it by checking for both VMAs and performing the check before the\npmd_none() sanity check.\n\nAdd a new helper where we perform+document that check for the PMD and PUD\nlevel.\n\nThanks to Harry for bisecting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39775",
"url": "https://www.suse.com/security/cve/CVE-2025-39775"
},
{
"category": "external",
"summary": "SUSE Bug 1249500 for CVE-2025-39775",
"url": "https://bugzilla.suse.com/1249500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39775"
},
{
"cve": "CVE-2025-39782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: prevent softlockup in jbd2_log_do_checkpoint()\n\nBoth jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list()\nperiodically release j_list_lock after processing a batch of buffers to\navoid long hold times on the j_list_lock. However, since both functions\ncontend for j_list_lock, the combined time spent waiting and processing\ncan be significant.\n\njbd2_journal_shrink_checkpoint_list() explicitly calls cond_resched() when\nneed_resched() is true to avoid softlockups during prolonged operations.\nBut jbd2_log_do_checkpoint() only exits its loop when need_resched() is\ntrue, relying on potentially sleeping functions like __flush_batch() or\nwait_on_buffer() to trigger rescheduling. If those functions do not sleep,\nthe kernel may hit a softlockup.\n\nwatchdog: BUG: soft lockup - CPU#3 stuck for 156s! [kworker/u129:2:373]\nCPU: 3 PID: 373 Comm: kworker/u129:2 Kdump: loaded Not tainted 6.6.0+ #10\nHardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.27 06/13/2017\nWorkqueue: writeback wb_workfn (flush-7:2)\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : native_queued_spin_lock_slowpath+0x358/0x418\nlr : jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]\nCall trace:\n native_queued_spin_lock_slowpath+0x358/0x418\n jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]\n __jbd2_log_wait_for_space+0xfc/0x2f8 [jbd2]\n add_transaction_credits+0x3bc/0x418 [jbd2]\n start_this_handle+0xf8/0x560 [jbd2]\n jbd2__journal_start+0x118/0x228 [jbd2]\n __ext4_journal_start_sb+0x110/0x188 [ext4]\n ext4_do_writepages+0x3dc/0x740 [ext4]\n ext4_writepages+0xa4/0x190 [ext4]\n do_writepages+0x94/0x228\n __writeback_single_inode+0x48/0x318\n writeback_sb_inodes+0x204/0x590\n __writeback_inodes_wb+0x54/0xf8\n wb_writeback+0x2cc/0x3d8\n wb_do_writeback+0x2e0/0x2f8\n wb_workfn+0x80/0x2a8\n process_one_work+0x178/0x3e8\n worker_thread+0x234/0x3b8\n kthread+0xf0/0x108\n ret_from_fork+0x10/0x20\n\nSo explicitly call cond_resched() in jbd2_log_do_checkpoint() to avoid\nsoftlockup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39782",
"url": "https://www.suse.com/security/cve/CVE-2025-39782"
},
{
"category": "external",
"summary": "SUSE Bug 1249526 for CVE-2025-39782",
"url": "https://bugzilla.suse.com/1249526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39782"
},
{
"cve": "CVE-2025-39783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39783"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix configfs group list head handling\n\nDoing a list_del() on the epf_group field of struct pci_epf_driver in\npci_epf_remove_cfs() is not correct as this field is a list head, not\na list entry. This list_del() call triggers a KASAN warning when an\nendpoint function driver which has a configfs attribute group is torn\ndown:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198\nWrite of size 8 at addr ffff00010f4a0d80 by task rmmod/319\n\nCPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE\nHardware name: Radxa ROCK 5B (DT)\nCall trace:\nshow_stack+0x2c/0x84 (C)\ndump_stack_lvl+0x70/0x98\nprint_report+0x17c/0x538\nkasan_report+0xb8/0x190\n__asan_report_store8_noabort+0x20/0x2c\npci_epf_remove_cfs+0x17c/0x198\npci_epf_unregister_driver+0x18/0x30\nnvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf]\n__arm64_sys_delete_module+0x264/0x424\ninvoke_syscall+0x70/0x260\nel0_svc_common.constprop.0+0xac/0x230\ndo_el0_svc+0x40/0x58\nel0_svc+0x48/0xdc\nel0t_64_sync_handler+0x10c/0x138\nel0t_64_sync+0x198/0x19c\n...\n\nRemove this incorrect list_del() call from pci_epf_remove_cfs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39783",
"url": "https://www.suse.com/security/cve/CVE-2025-39783"
},
{
"category": "external",
"summary": "SUSE Bug 1249486 for CVE-2025-39783",
"url": "https://bugzilla.suse.com/1249486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39783"
},
{
"cve": "CVE-2025-39787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: mdt_loader: Ensure we don\u0027t read past the ELF header\n\nWhen the MDT loader is used in remoteproc, the ELF header is sanitized\nbeforehand, but that\u0027s not necessary the case for other clients.\n\nValidate the size of the firmware buffer to ensure that we don\u0027t read\npast the end as we iterate over the header. e_phentsize and e_shentsize\nare validated as well, to ensure that the assumptions about step size in\nthe traversal are valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39787",
"url": "https://www.suse.com/security/cve/CVE-2025-39787"
},
{
"category": "external",
"summary": "SUSE Bug 1249545 for CVE-2025-39787",
"url": "https://bugzilla.suse.com/1249545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39787"
},
{
"cve": "CVE-2025-39788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE\n\nOn Google gs101, the number of UTP transfer request slots (nutrs) is 32,\nand in this case the driver ends up programming the UTRL_NEXUS_TYPE\nincorrectly as 0.\n\nThis is because the left hand side of the shift is 1, which is of type\nint, i.e. 31 bits wide. Shifting by more than that width results in\nundefined behaviour.\n\nFix this by switching to the BIT() macro, which applies correct type\ncasting as required. This ensures the correct value is written to\nUTRL_NEXUS_TYPE (0xffffffff on gs101), and it also fixes a UBSAN shift\nwarning:\n\n UBSAN: shift-out-of-bounds in drivers/ufs/host/ufs-exynos.c:1113:21\n shift exponent 32 is too large for 32-bit type \u0027int\u0027\n\nFor consistency, apply the same change to the nutmrs / UTMRL_NEXUS_TYPE\nwrite.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39788",
"url": "https://www.suse.com/security/cve/CVE-2025-39788"
},
{
"category": "external",
"summary": "SUSE Bug 1249547 for CVE-2025-39788",
"url": "https://bugzilla.suse.com/1249547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39788"
},
{
"cve": "CVE-2025-39790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Detect events pointing to unexpected TREs\n\nWhen a remote device sends a completion event to the host, it contains a\npointer to the consumed TRE. The host uses this pointer to process all of\nthe TREs between it and the host\u0027s local copy of the ring\u0027s read pointer.\nThis works when processing completion for chained transactions, but can\nlead to nasty results if the device sends an event for a single-element\ntransaction with a read pointer that is multiple elements ahead of the\nhost\u0027s read pointer.\n\nFor instance, if the host accesses an event ring while the device is\nupdating it, the pointer inside of the event might still point to an old\nTRE. If the host uses the channel\u0027s xfer_cb() to directly free the buffer\npointed to by the TRE, the buffer will be double-freed.\n\nThis behavior was observed on an ep that used upstream EP stack without\n\u0027commit 6f18d174b73d (\"bus: mhi: ep: Update read pointer only after buffer\nis written\")\u0027. Where the device updated the events ring pointer before\nupdating the event contents, so it left a window where the host was able to\naccess the stale data the event pointed to, before the device had the\nchance to update them. The usual pattern was that the host received an\nevent pointing to a TRE that is not immediately after the last processed\none, so it got treated as if it was a chained transaction, processing all\nof the TREs in between the two read pointers.\n\nThis commit aims to harden the host by ensuring transactions where the\nevent points to a TRE that isn\u0027t local_rp + 1 are chained.\n\n[mani: added stable tag and reworded commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39790",
"url": "https://www.suse.com/security/cve/CVE-2025-39790"
},
{
"category": "external",
"summary": "SUSE Bug 1249548 for CVE-2025-39790",
"url": "https://bugzilla.suse.com/1249548"
},
{
"category": "external",
"summary": "SUSE Bug 1249549 for CVE-2025-39790",
"url": "https://bugzilla.suse.com/1249549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39790"
},
{
"cve": "CVE-2025-39791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: dm-crypt: Do not partially accept write BIOs with zoned targets\n\nRead and write operations issued to a dm-crypt target may be split\naccording to the dm-crypt internal limits defined by the max_read_size\nand max_write_size module parameters (default is 128 KB). The intent is\nto improve processing time of large BIOs by splitting them into smaller\noperations that can be parallelized on different CPUs.\n\nFor zoned dm-crypt targets, this BIO splitting is still done but without\nthe parallel execution to ensure that the issuing order of write\noperations to the underlying devices remains sequential. However, the\nsplitting itself causes other problems:\n\n1) Since dm-crypt relies on the block layer zone write plugging to\n handle zone append emulation using regular write operations, the\n reminder of a split write BIO will always be plugged into the target\n zone write plugged. Once the on-going write BIO finishes, this\n reminder BIO is unplugged and issued from the zone write plug work.\n If this reminder BIO itself needs to be split, the reminder will be\n re-issued and plugged again, but that causes a call to a\n blk_queue_enter(), which may block if a queue freeze operation was\n initiated. This results in a deadlock as DM submission still holds\n BIOs that the queue freeze side is waiting for.\n\n2) dm-crypt relies on the emulation done by the block layer using\n regular write operations for processing zone append operations. This\n still requires to properly return the written sector as the BIO\n sector of the original BIO. However, this can be done correctly only\n and only if there is a single clone BIO used for processing the\n original zone append operation issued by the user. If the size of a\n zone append operation is larger than dm-crypt max_write_size, then\n the orginal BIO will be split and processed as a chain of regular\n write operations. Such chaining result in an incorrect written sector\n being returned to the zone append issuer using the original BIO\n sector. This in turn results in file system data corruptions using\n xfs or btrfs.\n\nFix this by modifying get_max_request_size() to always return the size\nof the BIO to avoid it being split with dm_accpet_partial_bio() in\ncrypt_map(). get_max_request_size() is renamed to\nget_max_request_sectors() to clarify the unit of the value returned\nand its interface is changed to take a struct dm_target pointer and a\npointer to the struct bio being processed. In addition to this change,\nto ensure that crypt_alloc_buffer() works correctly, set the dm-crypt\ndevice max_hw_sectors limit to be at most\nBIO_MAX_VECS \u003c\u003c PAGE_SECTORS_SHIFT (1 MB with a 4KB page architecture).\nThis forces DM core to split write BIOs before passing them to\ncrypt_map(), and thus guaranteeing that dm-crypt can always accept an\nentire write BIO without needing to split it.\n\nThis change does not have any effect on the read path of dm-crypt. Read\noperations can still be split and the BIO fragments processed in\nparallel. There is also no impact on the performance of the write path\ngiven that all zone write BIOs were already processed inline instead of\nin parallel.\n\nThis change also does not affect in any way regular dm-crypt block\ndevices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39791",
"url": "https://www.suse.com/security/cve/CVE-2025-39791"
},
{
"category": "external",
"summary": "SUSE Bug 1249550 for CVE-2025-39791",
"url": "https://bugzilla.suse.com/1249550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39791"
},
{
"cve": "CVE-2025-39792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: Always split write BIOs to zoned device limits\n\nAny zoned DM target that requires zone append emulation will use the\nblock layer zone write plugging. In such case, DM target drivers must\nnot split BIOs using dm_accept_partial_bio() as doing so can potentially\nlead to deadlocks with queue freeze operations. Regular write operations\nused to emulate zone append operations also cannot be split by the\ntarget driver as that would result in an invalid writen sector value\nreturn using the BIO sector.\n\nIn order for zoned DM target drivers to avoid such incorrect BIO\nsplitting, we must ensure that large BIOs are split before being passed\nto the map() function of the target, thus guaranteeing that the\nlimits for the mapped device are not exceeded.\n\ndm-crypt and dm-flakey are the only target drivers supporting zoned\ndevices and using dm_accept_partial_bio().\n\nIn the case of dm-crypt, this function is used to split BIOs to the\ninternal max_write_size limit (which will be suppressed in a different\npatch). However, since crypt_alloc_buffer() uses a bioset allowing only\nup to BIO_MAX_VECS (256) vectors in a BIO. The dm-crypt device\nmax_segments limit, which is not set and so default to BLK_MAX_SEGMENTS\n(128), must thus be respected and write BIOs split accordingly.\n\nIn the case of dm-flakey, since zone append emulation is not required,\nthe block layer zone write plugging is not used and no splitting of BIOs\nrequired.\n\nModify the function dm_zone_bio_needs_split() to use the block layer\nhelper function bio_needs_zone_write_plugging() to force a call to\nbio_split_to_limits() in dm_split_and_process_bio(). This allows DM\ntarget drivers to avoid using dm_accept_partial_bio() for write\noperations on zoned DM devices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39792",
"url": "https://www.suse.com/security/cve/CVE-2025-39792"
},
{
"category": "external",
"summary": "SUSE Bug 1249618 for CVE-2025-39792",
"url": "https://bugzilla.suse.com/1249618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39792"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix the setting of capabilities when automounting a new filesystem\n\nCapabilities cannot be inherited when we cross into a new filesystem.\nThey need to be reset to the minimal defaults, and then probed for\nagain.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39798",
"url": "https://www.suse.com/security/cve/CVE-2025-39798"
},
{
"category": "external",
"summary": "SUSE Bug 1249774 for CVE-2025-39798",
"url": "https://bugzilla.suse.com/1249774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39798"
},
{
"cve": "CVE-2025-39800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: abort transaction on unexpected eb generation at btrfs_copy_root()\n\nIf we find an unexpected generation for the extent buffer we are cloning\nat btrfs_copy_root(), we just WARN_ON() and don\u0027t error out and abort the\ntransaction, meaning we allow to persist metadata with an unexpected\ngeneration. Instead of warning only, abort the transaction and return\n-EUCLEAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39800",
"url": "https://www.suse.com/security/cve/CVE-2025-39800"
},
{
"category": "external",
"summary": "SUSE Bug 1250177 for CVE-2025-39800",
"url": "https://bugzilla.suse.com/1250177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39800"
},
{
"cve": "CVE-2025-39801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39801"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: Remove WARN_ON for device endpoint command timeouts\n\nThis commit addresses a rarely observed endpoint command timeout\nwhich causes kernel panic due to warn when \u0027panic_on_warn\u0027 is enabled\nand unnecessary call trace prints when \u0027panic_on_warn\u0027 is disabled.\nIt is seen during fast software-controlled connect/disconnect testcases.\nThe following is one such endpoint command timeout that we observed:\n\n1. Connect\n =======\n-\u003edwc3_thread_interrupt\n -\u003edwc3_ep0_interrupt\n -\u003econfigfs_composite_setup\n -\u003ecomposite_setup\n -\u003eusb_ep_queue\n -\u003edwc3_gadget_ep0_queue\n -\u003e__dwc3_gadget_ep0_queue\n -\u003e__dwc3_ep0_do_control_data\n -\u003edwc3_send_gadget_ep_cmd\n\n2. Disconnect\n ==========\n-\u003edwc3_thread_interrupt\n -\u003edwc3_gadget_disconnect_interrupt\n -\u003edwc3_ep0_reset_state\n -\u003edwc3_ep0_end_control_data\n -\u003edwc3_send_gadget_ep_cmd\n\nIn the issue scenario, in Exynos platforms, we observed that control\ntransfers for the previous connect have not yet been completed and end\ntransfer command sent as a part of the disconnect sequence and\nprocessing of USB_ENDPOINT_HALT feature request from the host timeout.\nThis maybe an expected scenario since the controller is processing EP\ncommands sent as a part of the previous connect. It maybe better to\nremove WARN_ON in all places where device endpoint commands are sent to\navoid unnecessary kernel panic due to warn.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39801",
"url": "https://www.suse.com/security/cve/CVE-2025-39801"
},
{
"category": "external",
"summary": "SUSE Bug 1250450 for CVE-2025-39801",
"url": "https://bugzilla.suse.com/1250450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39801"
},
{
"cve": "CVE-2025-39806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\n\nA malicious HID device can trigger a slab out-of-bounds during\nmt_report_fixup() by passing in report descriptor smaller than\n607 bytes. mt_report_fixup() attempts to patch byte offset 607\nof the descriptor with 0x25 by first checking if byte offset\n607 is 0x15 however it lacks bounds checks to verify if the\ndescriptor is big enough before conducting this check. Fix\nthis bug by ensuring the descriptor size is at least 608\nbytes before accessing it.\n\nBelow is the KASAN splat after the out of bounds access happens:\n\n[ 13.671954] ==================================================================\n[ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110\n[ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10\n[ 13.673297]\n[ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3\n[ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04\n[ 13.673297] Call Trace:\n[ 13.673297] \u003cTASK\u003e\n[ 13.673297] dump_stack_lvl+0x5f/0x80\n[ 13.673297] print_report+0xd1/0x660\n[ 13.673297] kasan_report+0xe5/0x120\n[ 13.673297] __asan_report_load1_noabort+0x18/0x20\n[ 13.673297] mt_report_fixup+0x103/0x110\n[ 13.673297] hid_open_report+0x1ef/0x810\n[ 13.673297] mt_probe+0x422/0x960\n[ 13.673297] hid_device_probe+0x2e2/0x6f0\n[ 13.673297] really_probe+0x1c6/0x6b0\n[ 13.673297] __driver_probe_device+0x24f/0x310\n[ 13.673297] driver_probe_device+0x4e/0x220\n[ 13.673297] __device_attach_driver+0x169/0x320\n[ 13.673297] bus_for_each_drv+0x11d/0x1b0\n[ 13.673297] __device_attach+0x1b8/0x3e0\n[ 13.673297] device_initial_probe+0x12/0x20\n[ 13.673297] bus_probe_device+0x13d/0x180\n[ 13.673297] device_add+0xe3a/0x1670\n[ 13.673297] hid_add_device+0x31d/0xa40\n[...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39806",
"url": "https://www.suse.com/security/cve/CVE-2025-39806"
},
{
"category": "external",
"summary": "SUSE Bug 1249888 for CVE-2025-39806",
"url": "https://bugzilla.suse.com/1249888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39806"
},
{
"cve": "CVE-2025-39807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Add error handling for old state CRTC in atomic_disable\n\nIntroduce error handling to address an issue where, after a hotplug\nevent, the cursor continues to update. This situation can lead to a\nkernel panic due to accessing the NULL `old_state-\u003ecrtc`.\n\nE,g.\nUnable to handle kernel NULL pointer dereference at virtual address\nCall trace:\n mtk_crtc_plane_disable+0x24/0x140\n mtk_plane_atomic_update+0x8c/0xa8\n drm_atomic_helper_commit_planes+0x114/0x2c8\n drm_atomic_helper_commit_tail_rpm+0x4c/0x158\n commit_tail+0xa0/0x168\n drm_atomic_helper_commit+0x110/0x120\n drm_atomic_commit+0x8c/0xe0\n drm_atomic_helper_update_plane+0xd4/0x128\n __setplane_atomic+0xcc/0x110\n drm_mode_cursor_common+0x250/0x440\n drm_mode_cursor_ioctl+0x44/0x70\n drm_ioctl+0x264/0x5d8\n __arm64_sys_ioctl+0xd8/0x510\n invoke_syscall+0x6c/0xe0\n do_el0_svc+0x68/0xe8\n el0_svc+0x34/0x60\n el0t_64_sync_handler+0x1c/0xf8\n el0t_64_sync+0x180/0x188\n\nAdding NULL pointer checks to ensure stability by preventing operations\non an invalid CRTC state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39807",
"url": "https://www.suse.com/security/cve/CVE-2025-39807"
},
{
"category": "external",
"summary": "SUSE Bug 1249887 for CVE-2025-39807",
"url": "https://bugzilla.suse.com/1249887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39807"
},
{
"cve": "CVE-2025-39808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()\n\nin ntrig_report_version(), hdev parameter passed from hid_probe().\nsending descriptor to /dev/uhid can make hdev-\u003edev.parent-\u003eparent to null\nif hdev-\u003edev.parent-\u003eparent is null, usb_dev has\ninvalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned\nwhen usb_rcvctrlpipe() use usb_dev,it trigger\npage fault error for address(0xffffffffffffff58)\n\nadd null check logic to ntrig_report_version()\nbefore calling hid_to_usb_dev()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39808",
"url": "https://www.suse.com/security/cve/CVE-2025-39808"
},
{
"category": "external",
"summary": "SUSE Bug 1250088 for CVE-2025-39808",
"url": "https://bugzilla.suse.com/1250088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39808"
},
{
"cve": "CVE-2025-39810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix memory corruption when FW resources change during ifdown\n\nbnxt_set_dflt_rings() assumes that it is always called before any TC has\nbeen created. So it doesn\u0027t take bp-\u003enum_tc into account and assumes\nthat it is always 0 or 1.\n\nIn the FW resource or capability change scenario, the FW will return\nflags in bnxt_hwrm_if_change() that will cause the driver to\nreinitialize and call bnxt_cancel_reservations(). This will lead to\nbnxt_init_dflt_ring_mode() calling bnxt_set_dflt_rings() and bp-\u003enum_tc\nmay be greater than 1. This will cause bp-\u003etx_ring[] to be sized too\nsmall and cause memory corruption in bnxt_alloc_cp_rings().\n\nFix it by properly scaling the TX rings by bp-\u003enum_tc in the code\npaths mentioned above. Add 2 helper functions to determine\nbp-\u003etx_nr_rings and bp-\u003etx_nr_rings_per_tc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39810",
"url": "https://www.suse.com/security/cve/CVE-2025-39810"
},
{
"category": "external",
"summary": "SUSE Bug 1249975 for CVE-2025-39810",
"url": "https://bugzilla.suse.com/1249975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39810"
},
{
"cve": "CVE-2025-39811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39811"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vm: Clear the scratch_pt pointer on error\n\nAvoid triggering a dereference of an error pointer on cleanup in\nxe_vm_free_scratch() by clearing any scratch_pt error pointer.\n\n(cherry picked from commit 358ee50ab565f3c8ea32480e9d03127a81ba32f8)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39811",
"url": "https://www.suse.com/security/cve/CVE-2025-39811"
},
{
"category": "external",
"summary": "SUSE Bug 1249915 for CVE-2025-39811",
"url": "https://bugzilla.suse.com/1249915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39811"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths\n\nSince the buffers are mapped from userspace, it is prudent to use\nREAD_ONCE() to read the value into a local variable, and use that for\nany other actions taken. Having a stable read of the buffer length\navoids worrying about it changing after checking, or being read multiple\ntimes.\n\nSimilarly, the buffer may well change in between it being picked and\nbeing committed. Ensure the looping for incremental ring buffer commit\nstops if it hits a zero sized buffer, as no further progress can be made\nat that point.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39816",
"url": "https://www.suse.com/security/cve/CVE-2025-39816"
},
{
"category": "external",
"summary": "SUSE Bug 1249906 for CVE-2025-39816",
"url": "https://bugzilla.suse.com/1249906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39816"
},
{
"cve": "CVE-2025-39823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: use array_index_nospec with indices that come from guest\n\nmin and dest_id are guest-controlled indices. Using array_index_nospec()\nafter the bounds checks clamps these values to mitigate speculative execution\nside-channels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39823",
"url": "https://www.suse.com/security/cve/CVE-2025-39823"
},
{
"category": "external",
"summary": "SUSE Bug 1250002 for CVE-2025-39823",
"url": "https://bugzilla.suse.com/1250002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39823"
},
{
"cve": "CVE-2025-39824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: asus: fix UAF via HID_CLAIMED_INPUT validation\n\nAfter hid_hw_start() is called hidinput_connect() will eventually be\ncalled to set up the device with the input layer since the\nHID_CONNECT_DEFAULT connect mask is used. During hidinput_connect()\nall input and output reports are processed and corresponding hid_inputs\nare allocated and configured via hidinput_configure_usages(). This\nprocess involves slot tagging report fields and configuring usages\nby setting relevant bits in the capability bitmaps. However it is possible\nthat the capability bitmaps are not set at all leading to the subsequent\nhidinput_has_been_populated() check to fail leading to the freeing of the\nhid_input and the underlying input device.\n\nThis becomes problematic because a malicious HID device like a\nASUS ROG N-Key keyboard can trigger the above scenario via a\nspecially crafted descriptor which then leads to a user-after-free\nwhen the name of the freed input device is written to later on after\nhid_hw_start(). Below, report 93 intentionally utilises the\nHID_UP_UNDEFINED Usage Page which is skipped during usage\nconfiguration, leading to the frees.\n\n0x05, 0x0D, // Usage Page (Digitizer)\n0x09, 0x05, // Usage (Touch Pad)\n0xA1, 0x01, // Collection (Application)\n0x85, 0x0D, // Report ID (13)\n0x06, 0x00, 0xFF, // Usage Page (Vendor Defined 0xFF00)\n0x09, 0xC5, // Usage (0xC5)\n0x15, 0x00, // Logical Minimum (0)\n0x26, 0xFF, 0x00, // Logical Maximum (255)\n0x75, 0x08, // Report Size (8)\n0x95, 0x04, // Report Count (4)\n0xB1, 0x02, // Feature (Data,Var,Abs)\n0x85, 0x5D, // Report ID (93)\n0x06, 0x00, 0x00, // Usage Page (Undefined)\n0x09, 0x01, // Usage (0x01)\n0x15, 0x00, // Logical Minimum (0)\n0x26, 0xFF, 0x00, // Logical Maximum (255)\n0x75, 0x08, // Report Size (8)\n0x95, 0x1B, // Report Count (27)\n0x81, 0x02, // Input (Data,Var,Abs)\n0xC0, // End Collection\n\nBelow is the KASAN splat after triggering the UAF:\n\n[ 21.672709] ==================================================================\n[ 21.673700] BUG: KASAN: slab-use-after-free in asus_probe+0xeeb/0xf80\n[ 21.673700] Write of size 8 at addr ffff88810a0ac000 by task kworker/1:2/54\n[ 21.673700]\n[ 21.673700] CPU: 1 UID: 0 PID: 54 Comm: kworker/1:2 Not tainted 6.16.0-rc4-g9773391cf4dd-dirty #36 PREEMPT(voluntary)\n[ 21.673700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n[ 21.673700] Call Trace:\n[ 21.673700] \u003cTASK\u003e\n[ 21.673700] dump_stack_lvl+0x5f/0x80\n[ 21.673700] print_report+0xd1/0x660\n[ 21.673700] kasan_report+0xe5/0x120\n[ 21.673700] __asan_report_store8_noabort+0x1b/0x30\n[ 21.673700] asus_probe+0xeeb/0xf80\n[ 21.673700] hid_device_probe+0x2ee/0x700\n[ 21.673700] really_probe+0x1c6/0x6b0\n[ 21.673700] __driver_probe_device+0x24f/0x310\n[ 21.673700] driver_probe_device+0x4e/0x220\n[...]\n[ 21.673700]\n[ 21.673700] Allocated by task 54:\n[ 21.673700] kasan_save_stack+0x3d/0x60\n[ 21.673700] kasan_save_track+0x18/0x40\n[ 21.673700] kasan_save_alloc_info+0x3b/0x50\n[ 21.673700] __kasan_kmalloc+0x9c/0xa0\n[ 21.673700] __kmalloc_cache_noprof+0x139/0x340\n[ 21.673700] input_allocate_device+0x44/0x370\n[ 21.673700] hidinput_connect+0xcb6/0x2630\n[ 21.673700] hid_connect+0xf74/0x1d60\n[ 21.673700] hid_hw_start+0x8c/0x110\n[ 21.673700] asus_probe+0x5a3/0xf80\n[ 21.673700] hid_device_probe+0x2ee/0x700\n[ 21.673700] really_probe+0x1c6/0x6b0\n[ 21.673700] __driver_probe_device+0x24f/0x310\n[ 21.673700] driver_probe_device+0x4e/0x220\n[...]\n[ 21.673700]\n[ 21.673700] Freed by task 54:\n[ 21.673700] kasan_save_stack+0x3d/0x60\n[ 21.673700] kasan_save_track+0x18/0x40\n[ 21.673700] kasan_save_free_info+0x3f/0x60\n[ 21.673700] __kasan_slab_free+0x3c/0x50\n[ 21.673700] kfre\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39824",
"url": "https://www.suse.com/security/cve/CVE-2025-39824"
},
{
"category": "external",
"summary": "SUSE Bug 1250007 for CVE-2025-39824",
"url": "https://bugzilla.suse.com/1250007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39824"
},
{
"cve": "CVE-2025-39825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix race with concurrent opens in rename(2)\n\nBesides sending the rename request to the server, the rename process\nalso involves closing any deferred close, waiting for outstanding I/O\nto complete as well as marking all existing open handles as deleted to\nprevent them from deferring closes, which increases the race window\nfor potential concurrent opens on the target file.\n\nFix this by unhashing the dentry in advance to prevent any concurrent\nopens on the target.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39825",
"url": "https://www.suse.com/security/cve/CVE-2025-39825"
},
{
"category": "external",
"summary": "SUSE Bug 1250179 for CVE-2025-39825",
"url": "https://bugzilla.suse.com/1250179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39825"
},
{
"cve": "CVE-2025-39826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: convert \u0027use\u0027 field to refcount_t\n\nThe \u0027use\u0027 field in struct rose_neigh is used as a reference counter but\nlacks atomicity. This can lead to race conditions where a rose_neigh\nstructure is freed while still being referenced by other code paths.\n\nFor example, when rose_neigh-\u003euse becomes zero during an ioctl operation\nvia rose_rt_ioctl(), the structure may be removed while its timer is\nstill active, potentially causing use-after-free issues.\n\nThis patch changes the type of \u0027use\u0027 from unsigned short to refcount_t and\nupdates all code paths to use rose_neigh_hold() and rose_neigh_put() which\noperate reference counts atomically.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39826",
"url": "https://www.suse.com/security/cve/CVE-2025-39826"
},
{
"category": "external",
"summary": "SUSE Bug 1250203 for CVE-2025-39826",
"url": "https://bugzilla.suse.com/1250203"
},
{
"category": "external",
"summary": "SUSE Bug 1252713 for CVE-2025-39826",
"url": "https://bugzilla.suse.com/1252713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39826"
},
{
"cve": "CVE-2025-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: include node references in rose_neigh refcount\n\nCurrent implementation maintains two separate reference counting\nmechanisms: the \u0027count\u0027 field in struct rose_neigh tracks references from\nrose_node structures, while the \u0027use\u0027 field (now refcount_t) tracks\nreferences from rose_sock.\n\nThis patch merges these two reference counting systems using \u0027use\u0027 field\nfor proper reference management. Specifically, this patch adds incrementing\nand decrementing of rose_neigh-\u003euse when rose_neigh-\u003ecount is incremented\nor decremented.\n\nThis patch also modifies rose_rt_free(), rose_rt_device_down() and\nrose_clear_route() to properly release references to rose_neigh objects\nbefore freeing a rose_node through rose_remove_node().\n\nThese changes ensure rose_neigh structures are properly freed only when\nall references, including those from rose_node structures, are released.\nAs a result, this resolves a slab-use-after-free issue reported by Syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39827",
"url": "https://www.suse.com/security/cve/CVE-2025-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1250204 for CVE-2025-39827",
"url": "https://bugzilla.suse.com/1250204"
},
{
"category": "external",
"summary": "SUSE Bug 1252714 for CVE-2025-39827",
"url": "https://bugzilla.suse.com/1252714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39827"
},
{
"cve": "CVE-2025-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n\nsyzbot reported the splat below. [0]\n\nWhen atmtcp_v_open() or atmtcp_v_close() is called via connect()\nor close(), atmtcp_send_control() is called to send an in-kernel\nspecial message.\n\nThe message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length.\nAlso, a pointer of struct atm_vcc is set to atmtcp_control.vcc.\n\nThe notable thing is struct atmtcp_control is uAPI but has a\nspace for an in-kernel pointer.\n\n struct atmtcp_control {\n \tstruct atmtcp_hdr hdr;\t/* must be first */\n ...\n \tatm_kptr_t vcc;\t\t/* both directions */\n ...\n } __ATM_API_ALIGN;\n\n typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;\n\nThe special message is processed in atmtcp_recv_control() called\nfrom atmtcp_c_send().\n\natmtcp_c_send() is vcc-\u003edev-\u003eops-\u003esend() and called from 2 paths:\n\n 1. .ndo_start_xmit() (vcc-\u003esend() == atm_send_aal0())\n 2. vcc_sendmsg()\n\nThe problem is sendmsg() does not validate the message length and\nuserspace can abuse atmtcp_recv_control() to overwrite any kptr\nby atmtcp_control.\n\nLet\u0027s add a new -\u003epre_send() hook to validate messages from sendmsg().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc00200000ab: 0000 [#1] SMP KASAN PTI\nKASAN: probably user-memory-access in range [0x0000000100000558-0x000000010000055f]\nCPU: 0 UID: 0 PID: 5865 Comm: syz-executor331 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:atmtcp_recv_control drivers/atm/atmtcp.c:93 [inline]\nRIP: 0010:atmtcp_c_send+0x1da/0x950 drivers/atm/atmtcp.c:297\nCode: 4d 8d 75 1a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 15 06 00 00 41 0f b7 1e 4d 8d b7 60 05 00 00 4c 89 f0 48 c1 e8 03 \u003c42\u003e 0f b6 04 20 84 c0 0f 85 13 06 00 00 66 41 89 1e 4d 8d 75 1c 4c\nRSP: 0018:ffffc90003f5f810 EFLAGS: 00010203\nRAX: 00000000200000ab RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802a510000 RSI: 00000000ffffffff RDI: ffff888030a6068c\nRBP: ffff88802699fb40 R08: ffff888030a606eb R09: 1ffff1100614c0dd\nR10: dffffc0000000000 R11: ffffffff8718fc40 R12: dffffc0000000000\nR13: ffff888030a60680 R14: 000000010000055f R15: 00000000ffffffff\nFS: 00007f8d7e9236c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000045ad50 CR3: 0000000075bde000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc60 net/atm/common.c:645\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n ____sys_sendmsg+0x505/0x830 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f8d7e96a4a9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f8d7e923198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f8d7e9f4308 RCX: 00007f8d7e96a4a9\nRDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005\nRBP: 00007f8d7e9f4300 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f8d7e9c10ac\nR13: 00007f8d7e9231a0 R14: 0000200000000200 R15: 0000200000000250\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39828",
"url": "https://www.suse.com/security/cve/CVE-2025-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1250205 for CVE-2025-39828",
"url": "https://bugzilla.suse.com/1250205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39828"
},
{
"cve": "CVE-2025-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path\n\nIn the error path of hws_pool_buddy_init(), the buddy allocator cleanup\ndoesn\u0027t free the allocator structure itself, causing a memory leak.\n\nAdd the missing kfree() to properly release all allocated memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39830",
"url": "https://www.suse.com/security/cve/CVE-2025-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1249974 for CVE-2025-39830",
"url": "https://bugzilla.suse.com/1249974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39830"
},
{
"cve": "CVE-2025-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix lockdep assertion on sync reset unload event\n\nFix lockdep assertion triggered during sync reset unload event. When the\nsync reset flow is initiated using the devlink reload fw_activate\noption, the PF already holds the devlink lock while handling unload\nevent. In this case, delegate sync reset unload event handling back to\nthe devlink callback process to avoid double-locking and resolve the\nlockdep warning.\n\nKernel log:\nWARNING: CPU: 9 PID: 1578 at devl_assert_locked+0x31/0x40\n[...]\nCall Trace:\n\u003cTASK\u003e\n mlx5_unload_one_devl_locked+0x2c/0xc0 [mlx5_core]\n mlx5_sync_reset_unload_event+0xaf/0x2f0 [mlx5_core]\n process_one_work+0x222/0x640\n worker_thread+0x199/0x350\n kthread+0x10b/0x230\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x8e/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39832",
"url": "https://www.suse.com/security/cve/CVE-2025-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1249901 for CVE-2025-39832",
"url": "https://bugzilla.suse.com/1249901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39832"
},
{
"cve": "CVE-2025-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39833"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: hfcpci: Fix warning when deleting uninitialized timer\n\nWith CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads\nto the following splat:\n\n[ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0\n[ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0\n[ 250.218775] Modules linked in: hfcpci(-) mISDN_core\n[ 250.219537] CPU: 0 UID: 0 PID: 233 Comm: rmmod Not tainted 6.17.0-rc2-g6f713187ac98 #2 PREEMPT(voluntary)\n[ 250.220940] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 250.222377] RIP: 0010:debug_print_object+0x1b6/0x2c0\n[ 250.223131] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 41 56 48 8b 14 dd a0 4e 01 9f 48 89 ee 48 c7 c7 20 46 01 9f e8 cb 84d\n[ 250.225805] RSP: 0018:ffff888015ea7c08 EFLAGS: 00010286\n[ 250.226608] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff9be93a95\n[ 250.227708] RDX: 1ffff1100d945138 RSI: 0000000000000008 RDI: ffff88806ca289c0\n[ 250.228993] RBP: ffffffff9f014a00 R08: 0000000000000001 R09: ffffed1002bd4f39\n[ 250.230043] R10: ffff888015ea79cf R11: 0000000000000001 R12: 0000000000000001\n[ 250.231185] R13: ffffffff9eea0520 R14: 0000000000000000 R15: ffff888015ea7cc8\n[ 250.232454] FS: 00007f3208f01540(0000) GS:ffff8880caf5a000(0000) knlGS:0000000000000000\n[ 250.233851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 250.234856] CR2: 00007f32090a7421 CR3: 0000000004d63000 CR4: 00000000000006f0\n[ 250.236117] Call Trace:\n[ 250.236599] \u003cTASK\u003e\n[ 250.236967] ? trace_irq_enable.constprop.0+0xd4/0x130\n[ 250.237920] debug_object_assert_init+0x1f6/0x310\n[ 250.238762] ? __pfx_debug_object_assert_init+0x10/0x10\n[ 250.239658] ? __lock_acquire+0xdea/0x1c70\n[ 250.240369] __try_to_del_timer_sync+0x69/0x140\n[ 250.241172] ? __pfx___try_to_del_timer_sync+0x10/0x10\n[ 250.242058] ? __timer_delete_sync+0xc6/0x120\n[ 250.242842] ? lock_acquire+0x30/0x80\n[ 250.243474] ? __timer_delete_sync+0xc6/0x120\n[ 250.244262] __timer_delete_sync+0x98/0x120\n[ 250.245015] HFC_cleanup+0x10/0x20 [hfcpci]\n[ 250.245704] __do_sys_delete_module+0x348/0x510\n[ 250.246461] ? __pfx___do_sys_delete_module+0x10/0x10\n[ 250.247338] do_syscall_64+0xc1/0x360\n[ 250.247924] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFix this by initializing hfc_tl timer with DEFINE_TIMER macro.\nAlso, use mod_timer instead of manual timeout update.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39833",
"url": "https://www.suse.com/security/cve/CVE-2025-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1250028 for CVE-2025-39833",
"url": "https://bugzilla.suse.com/1250028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39833"
},
{
"cve": "CVE-2025-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow\n\nWhen an invalid stc_type is provided, the function allocates memory for\nshared_stc but jumps to unlock_and_out without freeing it, causing a\nmemory leak.\n\nFix by jumping to free_shared_stc label instead to ensure proper cleanup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39834",
"url": "https://www.suse.com/security/cve/CVE-2025-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1250021 for CVE-2025-39834",
"url": "https://bugzilla.suse.com/1250021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39834"
},
{
"cve": "CVE-2025-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: do not propagate ENODATA disk errors into xattr code\n\nENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code;\nnamely, that the requested attribute name could not be found.\n\nHowever, a medium error from disk may also return ENODATA. At best,\nthis medium error may escape to userspace as \"attribute not found\"\nwhen in fact it\u0027s an IO (disk) error.\n\nAt worst, we may oops in xfs_attr_leaf_get() when we do:\n\n\terror = xfs_attr_leaf_hasname(args, \u0026bp);\n\tif (error == -ENOATTR) {\n\t\txfs_trans_brelse(args-\u003etrans, bp);\n\t\treturn error;\n\t}\n\nbecause an ENODATA/ENOATTR error from disk leaves us with a null bp,\nand the xfs_trans_brelse will then null-deref it.\n\nAs discussed on the list, we really need to modify the lower level\nIO functions to trap all disk errors and ensure that we don\u0027t let\nunique errors like this leak up into higher xfs functions - many\nlike this should be remapped to EIO.\n\nHowever, this patch directly addresses a reported bug in the xattr\ncode, and should be safe to backport to stable kernels. A larger-scope\npatch to handle more unique errors at lower levels can follow later.\n\n(Note, prior to 07120f1abdff we did not oops, but we did return the\nwrong error code to userspace.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39835",
"url": "https://www.suse.com/security/cve/CVE-2025-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1250025 for CVE-2025-39835",
"url": "https://bugzilla.suse.com/1250025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39835"
},
{
"cve": "CVE-2025-39836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: stmm: Fix incorrect buffer allocation method\n\nThe communication buffer allocated by setup_mm_hdr() is later on passed\nto tee_shm_register_kernel_buf(). The latter expects those buffers to be\ncontiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause\nvarious corruptions or BUGs, specifically since commit 9aec2fb0fd5e\n(\"slab: allocate frozen pages\"), though it was broken before as well.\n\nFix this by using alloc_pages_exact() instead of kmalloc().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39836",
"url": "https://www.suse.com/security/cve/CVE-2025-39836"
},
{
"category": "external",
"summary": "SUSE Bug 1249904 for CVE-2025-39836",
"url": "https://bugzilla.suse.com/1249904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39836"
},
{
"cve": "CVE-2025-39838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent NULL pointer dereference in UTF16 conversion\n\nThere can be a NULL pointer dereference bug here. NULL is passed to\n__cifs_sfu_make_node without checks, which passes it unchecked to\ncifs_strndup_to_utf16, which in turn passes it to\ncifs_local_to_utf16_bytes where \u0027*from\u0027 is dereferenced, causing a crash.\n\nThis patch adds a check for NULL \u0027src\u0027 in cifs_strndup_to_utf16 and\nreturns NULL early to prevent dereferencing NULL pointer.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39838",
"url": "https://www.suse.com/security/cve/CVE-2025-39838"
},
{
"category": "external",
"summary": "SUSE Bug 1250365 for CVE-2025-39838",
"url": "https://bugzilla.suse.com/1250365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39838"
},
{
"cve": "CVE-2025-39839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix OOB read/write in network-coding decode\n\nbatadv_nc_skb_decode_packet() trusts coded_len and checks only against\nskb-\u003elen. XOR starts at sizeof(struct batadv_unicast_packet), reducing\npayload headroom, and the source skb length is not verified, allowing an\nout-of-bounds read and a small out-of-bounds write.\n\nValidate that coded_len fits within the payload area of both destination\nand source sk_buffs before XORing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39839",
"url": "https://www.suse.com/security/cve/CVE-2025-39839"
},
{
"category": "external",
"summary": "SUSE Bug 1250291 for CVE-2025-39839",
"url": "https://bugzilla.suse.com/1250291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39839"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: prevent release journal inode after journal shutdown\n\nBefore calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already\nbeen executed in ocfs2_dismount_volume(), so osb-\u003ejournal must be NULL. \nTherefore, the following calltrace will inevitably fail when it reaches\njbd2_journal_release_jbd_inode().\n\nocfs2_dismount_volume()-\u003e\n ocfs2_delete_osb()-\u003e\n ocfs2_free_slot_info()-\u003e\n __ocfs2_free_slot_info()-\u003e\n evict()-\u003e\n ocfs2_evict_inode()-\u003e\n ocfs2_clear_inode()-\u003e\n\t jbd2_journal_release_jbd_inode(osb-\u003ejournal-\u003ej_journal,\n\nAdding osb-\u003ejournal checks will prevent null-ptr-deref during the above\nexecution path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39842",
"url": "https://www.suse.com/security/cve/CVE-2025-39842"
},
{
"category": "external",
"summary": "SUSE Bug 1250267 for CVE-2025-39842",
"url": "https://bugzilla.suse.com/1250267"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39842"
},
{
"cve": "CVE-2025-39844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: move page table sync declarations to linux/pgtable.h\n\nDuring our internal testing, we started observing intermittent boot\nfailures when the machine uses 4-level paging and has a large amount of\npersistent memory:\n\n BUG: unable to handle page fault for address: ffffe70000000034\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0 \n Oops: 0002 [#1] SMP NOPTI\n RIP: 0010:__init_single_page+0x9/0x6d\n Call Trace:\n \u003cTASK\u003e\n __init_zone_device_page+0x17/0x5d\n memmap_init_zone_device+0x154/0x1bb\n pagemap_range+0x2e0/0x40f\n memremap_pages+0x10b/0x2f0\n devm_memremap_pages+0x1e/0x60\n dev_dax_probe+0xce/0x2ec [device_dax]\n dax_bus_probe+0x6d/0xc9\n [... snip ...]\n \u003c/TASK\u003e\n\nIt turns out that the kernel panics while initializing vmemmap (struct\npage array) when the vmemmap region spans two PGD entries, because the new\nPGD entry is only installed in init_mm.pgd, but not in the page tables of\nother tasks.\n\nAnd looking at __populate_section_memmap():\n if (vmemmap_can_optimize(altmap, pgmap)) \n // does not sync top level page tables\n r = vmemmap_populate_compound_pages(pfn, start, end, nid, pgmap);\n else \n // sync top level page tables in x86\n r = vmemmap_populate(start, end, nid, altmap);\n\nIn the normal path, vmemmap_populate() in arch/x86/mm/init_64.c\nsynchronizes the top level page table (See commit 9b861528a801 (\"x86-64,\nmem: Update all PGDs for direct mapping and vmemmap mapping changes\")) so\nthat all tasks in the system can see the new vmemmap area.\n\nHowever, when vmemmap_can_optimize() returns true, the optimized path\nskips synchronization of top-level page tables. This is because\nvmemmap_populate_compound_pages() is implemented in core MM code, which\ndoes not handle synchronization of the top-level page tables. Instead,\nthe core MM has historically relied on each architecture to perform this\nsynchronization manually.\n\nWe\u0027re not the first party to encounter a crash caused by not-sync\u0027d top\nlevel page tables: earlier this year, Gwan-gyeong Mun attempted to address\nthe issue [1] [2] after hitting a kernel panic when x86 code accessed the\nvmemmap area before the corresponding top-level entries were synced. At\nthat time, the issue was believed to be triggered only when struct page\nwas enlarged for debugging purposes, and the patch did not get further\nupdates.\n\nIt turns out that current approach of relying on each arch to handle the\npage table sync manually is fragile because 1) it\u0027s easy to forget to sync\nthe top level page table, and 2) it\u0027s also easy to overlook that the\nkernel should not access the vmemmap and direct mapping areas before the\nsync.\n\n# The solution: Make page table sync more code robust and harder to miss\n\nTo address this, Dave Hansen suggested [3] [4] introducing\n{pgd,p4d}_populate_kernel() for updating kernel portion of the page tables\nand allow each architecture to explicitly perform synchronization when\ninstalling top-level entries. With this approach, we no longer need to\nworry about missing the sync step, reducing the risk of future\nregressions.\n\nThe new interface reuses existing ARCH_PAGE_TABLE_SYNC_MASK,\nPGTBL_P*D_MODIFIED and arch_sync_kernel_mappings() facility used by\nvmalloc and ioremap to synchronize page tables.\n\npgd_populate_kernel() looks like this:\nstatic inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd,\n p4d_t *p4d)\n{\n pgd_populate(\u0026init_mm, pgd, p4d);\n if (ARCH_PAGE_TABLE_SYNC_MASK \u0026 PGTBL_PGD_MODIFIED)\n arch_sync_kernel_mappings(addr, addr);\n}\n\nIt is worth noting that vmalloc() and apply_to_range() carefully\nsynchronizes page tables by calling p*d_alloc_track() and\narch_sync_kernel_mappings(), and thus they are not affected by\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39844",
"url": "https://www.suse.com/security/cve/CVE-2025-39844"
},
{
"category": "external",
"summary": "SUSE Bug 1250268 for CVE-2025-39844",
"url": "https://bugzilla.suse.com/1250268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39844"
},
{
"cve": "CVE-2025-39845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39845"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()\n\nDefine ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure\npage tables are properly synchronized when calling p*d_populate_kernel().\n\nFor 5-level paging, synchronization is performed via\npgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so\nsynchronization is instead performed at the P4D level via\np4d_populate_kernel().\n\nThis fixes intermittent boot failures on systems using 4-level paging and\na large amount of persistent memory:\n\n BUG: unable to handle page fault for address: ffffe70000000034\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP NOPTI\n RIP: 0010:__init_single_page+0x9/0x6d\n Call Trace:\n \u003cTASK\u003e\n __init_zone_device_page+0x17/0x5d\n memmap_init_zone_device+0x154/0x1bb\n pagemap_range+0x2e0/0x40f\n memremap_pages+0x10b/0x2f0\n devm_memremap_pages+0x1e/0x60\n dev_dax_probe+0xce/0x2ec [device_dax]\n dax_bus_probe+0x6d/0xc9\n [... snip ...]\n \u003c/TASK\u003e\n\nIt also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap\nbefore sync_global_pgds() [1]:\n\n BUG: unable to handle page fault for address: ffffeb3ff1200000\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI\n Tainted: [W]=WARN\n RIP: 0010:vmemmap_set_pmd+0xff/0x230\n \u003cTASK\u003e\n vmemmap_populate_hugepages+0x176/0x180\n vmemmap_populate+0x34/0x80\n __populate_section_memmap+0x41/0x90\n sparse_add_section+0x121/0x3e0\n __add_pages+0xba/0x150\n add_pages+0x1d/0x70\n memremap_pages+0x3dc/0x810\n devm_memremap_pages+0x1c/0x60\n xe_devm_add+0x8b/0x100 [xe]\n xe_tile_init_noalloc+0x6a/0x70 [xe]\n xe_device_probe+0x48c/0x740 [xe]\n [... snip ...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39845",
"url": "https://www.suse.com/security/cve/CVE-2025-39845"
},
{
"category": "external",
"summary": "SUSE Bug 1250262 for CVE-2025-39845",
"url": "https://bugzilla.suse.com/1250262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39845"
},
{
"cve": "CVE-2025-39847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix memory leak in pad_compress_skb\n\nIf alloc_skb() fails in pad_compress_skb(), it returns NULL without\nreleasing the old skb. The caller does:\n\n skb = pad_compress_skb(ppp, skb);\n if (!skb)\n goto drop;\n\ndrop:\n kfree_skb(skb);\n\nWhen pad_compress_skb() returns NULL, the reference to the old skb is\nlost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.\n\nAlign pad_compress_skb() semantics with realloc(): only free the old\nskb if allocation and compression succeed. At the call site, use the\nnew_skb variable so the original skb is not lost when pad_compress_skb()\nfails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39847",
"url": "https://www.suse.com/security/cve/CVE-2025-39847"
},
{
"category": "external",
"summary": "SUSE Bug 1250292 for CVE-2025-39847",
"url": "https://bugzilla.suse.com/1250292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39847"
},
{
"cve": "CVE-2025-39848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: properly unshare skbs in ax25_kiss_rcv()\n\nBernard Pidoux reported a regression apparently caused by commit\nc353e8983e0d (\"net: introduce per netns packet chains\").\n\nskb-\u003edev becomes NULL and we crash in __netif_receive_skb_core().\n\nBefore above commit, different kind of bugs or corruptions could happen\nwithout a major crash.\n\nBut the root cause is that ax25_kiss_rcv() can queue/mangle input skb\nwithout checking if this skb is shared or not.\n\nMany thanks to Bernard Pidoux for his help, diagnosis and tests.\n\nWe had a similar issue years ago fixed with commit 7aaed57c5c28\n(\"phonet: properly unshare skbs in phonet_rcv()\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39848",
"url": "https://www.suse.com/security/cve/CVE-2025-39848"
},
{
"category": "external",
"summary": "SUSE Bug 1250298 for CVE-2025-39848",
"url": "https://bugzilla.suse.com/1250298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39848"
},
{
"cve": "CVE-2025-39849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()\n\nIf the ssid-\u003edatalen is more than IEEE80211_MAX_SSID_LEN (32) it would\nlead to memory corruption so add some bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39849",
"url": "https://www.suse.com/security/cve/CVE-2025-39849"
},
{
"category": "external",
"summary": "SUSE Bug 1250266 for CVE-2025-39849",
"url": "https://bugzilla.suse.com/1250266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39849"
},
{
"cve": "CVE-2025-39850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects\n\nWhen the \"proxy\" option is enabled on a VXLAN device, the device will\nsuppress ARP requests and IPv6 Neighbor Solicitation messages if it is\nable to reply on behalf of the remote host. That is, if a matching and\nvalid neighbor entry is configured on the VXLAN device whose MAC address\nis not behind the \"any\" remote (0.0.0.0 / ::).\n\nThe code currently assumes that the FDB entry for the neighbor\u0027s MAC\naddress points to a valid remote destination, but this is incorrect if\nthe entry is associated with an FDB nexthop group. This can result in a\nNPD [1][3] which can be reproduced using [2][4].\n\nFix by checking that the remote destination exists before dereferencing\nit.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 4 UID: 0 PID: 365 Comm: arping Not tainted 6.17.0-rc2-virtme-g2a89cb21162c #2 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_xmit+0xb58/0x15f0\n[...]\nCall Trace:\n \u003cTASK\u003e\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.2 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 4789 proxy\n\n ip neigh add 192.0.2.3 lladdr 00:11:22:33:44:55 nud perm dev vx0\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10\n\n arping -b -c 1 -s 192.0.2.1 -I vx0 192.0.2.3\n\n[3]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 372 Comm: ndisc6 Not tainted 6.17.0-rc2-virtmne-g6ee90cb26014 #3 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1v996), BIOS 1.17.0-4.fc41 04/01/2x014\nRIP: 0010:vxlan_xmit+0x803/0x1600\n[...]\nCall Trace:\n \u003cTASK\u003e\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n ip6_finish_output2+0x210/0x6c0\n ip6_finish_output+0x1af/0x2b0\n ip6_mr_output+0x92/0x3e0\n ip6_send_skb+0x30/0x90\n rawv6_sendmsg+0xe6e/0x12e0\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7f383422ec77\n\n[4]\n #!/bin/bash\n\n ip address add 2001:db8:1::1/128 dev lo\n\n ip nexthop add id 1 via 2001:db8:1::1 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 2001:db8:1::1 dstport 4789 proxy\n\n ip neigh add 2001:db8:1::3 lladdr 00:11:22:33:44:55 nud perm dev vx0\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10\n\n ndisc6 -r 1 -s 2001:db8:1::1 -w 1 2001:db8:1::3 vx0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39850",
"url": "https://www.suse.com/security/cve/CVE-2025-39850"
},
{
"category": "external",
"summary": "SUSE Bug 1250276 for CVE-2025-39850",
"url": "https://bugzilla.suse.com/1250276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39850"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6\n\nWhen tcp_ao_copy_all_matching() fails in tcp_v6_syn_recv_sock() it just\nexits the function. This ends up causing a memory-leak:\n\nunreferenced object 0xffff0000281a8200 (size 2496):\n comm \"softirq\", pid 0, jiffies 4295174684\n hex dump (first 32 bytes):\n 7f 00 00 06 7f 00 00 06 00 00 00 00 cb a8 88 13 ................\n 0a 00 03 61 00 00 00 00 00 00 00 00 00 00 00 00 ...a............\n backtrace (crc 5ebdbe15):\n kmemleak_alloc+0x44/0xe0\n kmem_cache_alloc_noprof+0x248/0x470\n sk_prot_alloc+0x48/0x120\n sk_clone_lock+0x38/0x3b0\n inet_csk_clone_lock+0x34/0x150\n tcp_create_openreq_child+0x3c/0x4a8\n tcp_v6_syn_recv_sock+0x1c0/0x620\n tcp_check_req+0x588/0x790\n tcp_v6_rcv+0x5d0/0xc18\n ip6_protocol_deliver_rcu+0x2d8/0x4c0\n ip6_input_finish+0x74/0x148\n ip6_input+0x50/0x118\n ip6_sublist_rcv+0x2fc/0x3b0\n ipv6_list_rcv+0x114/0x170\n __netif_receive_skb_list_core+0x16c/0x200\n netif_receive_skb_list_internal+0x1f0/0x2d0\n\nThis is because in tcp_v6_syn_recv_sock (and the IPv4 counterpart), when\nexiting upon error, inet_csk_prepare_forced_close() and tcp_done() need\nto be called. They make sure the newsk will end up being correctly\nfree\u0027d.\n\ntcp_v4_syn_recv_sock() makes this very clear by having the put_and_exit\nlabel that takes care of things. So, this patch here makes sure\ntcp_v4_syn_recv_sock and tcp_v6_syn_recv_sock have similar\nerror-handling and thus fixes the leak for TCP-AO.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39852",
"url": "https://www.suse.com/security/cve/CVE-2025-39852"
},
{
"category": "external",
"summary": "SUSE Bug 1250258 for CVE-2025-39852",
"url": "https://bugzilla.suse.com/1250258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39852"
},
{
"cve": "CVE-2025-39853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix potential invalid access when MAC list is empty\n\nlist_first_entry() never returns NULL - if the list is empty, it still\nreturns a pointer to an invalid object, leading to potential invalid\nmemory access when dereferenced.\n\nFix this by using list_first_entry_or_null instead of list_first_entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39853",
"url": "https://www.suse.com/security/cve/CVE-2025-39853"
},
{
"category": "external",
"summary": "SUSE Bug 1250275 for CVE-2025-39853",
"url": "https://bugzilla.suse.com/1250275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39853"
},
{
"cve": "CVE-2025-39854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix NULL access of tx-\u003ein_use in ice_ll_ts_intr\n\nRecent versions of the E810 firmware have support for an extra interrupt to\nhandle report of the \"low latency\" Tx timestamps coming from the\nspecialized low latency firmware interface. Instead of polling the\nregisters, software can wait until the low latency interrupt is fired.\n\nThis logic makes use of the Tx timestamp tracking structure, ice_ptp_tx, as\nit uses the same \"ready\" bitmap to track which Tx timestamps complete.\n\nUnfortunately, the ice_ll_ts_intr() function does not check if the\ntracker is initialized before its first access. This results in NULL\ndereference or use-after-free bugs similar to the issues fixed in the\nice_ptp_ts_irq() function.\n\nFix this by only checking the in_use bitmap (and other fields) if the\ntracker is marked as initialized. The reset flow will clear the init field\nunder lock before it tears the tracker down, thus preventing any\nuse-after-free or NULL access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39854",
"url": "https://www.suse.com/security/cve/CVE-2025-39854"
},
{
"category": "external",
"summary": "SUSE Bug 1250297 for CVE-2025-39854",
"url": "https://bugzilla.suse.com/1250297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39854"
},
{
"cve": "CVE-2025-39857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()\n\nBUG: kernel NULL pointer dereference, address: 00000000000002ec\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP PTI\nCPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainted: G OE 6.17.0-rc2+ #9 NONE\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nWorkqueue: smc_hs_wq smc_listen_work [smc]\nRIP: 0010:smc_ib_is_sg_need_sync+0x9e/0xd0 [smc]\n...\nCall Trace:\n \u003cTASK\u003e\n smcr_buf_map_link+0x211/0x2a0 [smc]\n __smc_buf_create+0x522/0x970 [smc]\n smc_buf_create+0x3a/0x110 [smc]\n smc_find_rdma_v2_device_serv+0x18f/0x240 [smc]\n ? smc_vlan_by_tcpsk+0x7e/0xe0 [smc]\n smc_listen_find_device+0x1dd/0x2b0 [smc]\n smc_listen_work+0x30f/0x580 [smc]\n process_one_work+0x18c/0x340\n worker_thread+0x242/0x360\n kthread+0xe7/0x220\n ret_from_fork+0x13a/0x160\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nIf the software RoCE device is used, ibdev-\u003edma_device is a null pointer.\nAs a result, the problem occurs. Null pointer detection is added to\nprevent problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39857",
"url": "https://www.suse.com/security/cve/CVE-2025-39857"
},
{
"category": "external",
"summary": "SUSE Bug 1250251 for CVE-2025-39857",
"url": "https://bugzilla.suse.com/1250251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39857"
},
{
"cve": "CVE-2025-39860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()\n\nsyzbot reported the splat below without a repro.\n\nIn the splat, a single thread calling bt_accept_dequeue() freed sk\nand touched it after that.\n\nThe root cause would be the racy l2cap_sock_cleanup_listen() call\nadded by the cited commit.\n\nbt_accept_dequeue() is called under lock_sock() except for\nl2cap_sock_release().\n\nTwo threads could see the same socket during the list iteration\nin bt_accept_dequeue():\n\n CPU1 CPU2 (close())\n ---- ----\n sock_hold(sk) sock_hold(sk);\n lock_sock(sk) \u003c-- block close()\n sock_put(sk)\n bt_accept_unlink(sk)\n sock_put(sk) \u003c-- refcnt by bt_accept_enqueue()\n release_sock(sk)\n lock_sock(sk)\n sock_put(sk)\n bt_accept_unlink(sk)\n sock_put(sk) \u003c-- last refcnt\n bt_accept_unlink(sk) \u003c-- UAF\n\nDepending on the timing, the other thread could show up in the\n\"Freed by task\" part.\n\nLet\u0027s call l2cap_sock_cleanup_listen() under lock_sock() in\nl2cap_sock_release().\n\n[0]:\nBUG: KASAN: slab-use-after-free in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]\nBUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115\nRead of size 4 at addr ffff88803b7eb1c4 by task syz.5.3276/16995\nCPU: 3 UID: 0 PID: 16995 Comm: syz.5.3276 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xcd/0x630 mm/kasan/report.c:482\n kasan_report+0xe0/0x110 mm/kasan/report.c:595\n debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]\n do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n release_sock+0x21/0x220 net/core/sock.c:3746\n bt_accept_dequeue+0x505/0x600 net/bluetooth/af_bluetooth.c:312\n l2cap_sock_cleanup_listen+0x5c/0x2a0 net/bluetooth/l2cap_sock.c:1451\n l2cap_sock_release+0x5c/0x210 net/bluetooth/l2cap_sock.c:1425\n __sock_release+0xb3/0x270 net/socket.c:649\n sock_close+0x1c/0x30 net/socket.c:1439\n __fput+0x3ff/0xb70 fs/file_table.c:468\n task_work_run+0x14d/0x240 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43\n exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]\n do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f2accf8ebe9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffdb6cb1378 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 00000000000426fb RCX: 00007f2accf8ebe9\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007f2acd1b7da0 R08: 0000000000000001 R09: 00000012b6cb166f\nR10: 0000001b30e20000 R11: 0000000000000246 R12: 00007f2acd1b609c\nR13: 00007f2acd1b6090 R14: ffffffffffffffff R15: 00007ffdb6cb1490\n \u003c/TASK\u003e\n\nAllocated by task 5326:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4365 [inline]\n __kmalloc_nopro\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39860",
"url": "https://www.suse.com/security/cve/CVE-2025-39860"
},
{
"category": "external",
"summary": "SUSE Bug 1250247 for CVE-2025-39860",
"url": "https://bugzilla.suse.com/1250247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39860"
},
{
"cve": "CVE-2025-39861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: vhci: Prevent use-after-free by removing debugfs files early\n\nMove the creation of debugfs files into a dedicated function, and ensure\nthey are explicitly removed during vhci_release(), before associated\ndata structures are freed.\n\nPreviously, debugfs files such as \"force_suspend\", \"force_wakeup\", and\nothers were created under hdev-\u003edebugfs but not removed in\nvhci_release(). Since vhci_release() frees the backing vhci_data\nstructure, any access to these files after release would result in\nuse-after-free errors.\n\nAlthough hdev-\u003edebugfs is later freed in hci_release_dev(), user can\naccess files after vhci_data is freed but before hdev-\u003edebugfs is\nreleased.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39861",
"url": "https://www.suse.com/security/cve/CVE-2025-39861"
},
{
"category": "external",
"summary": "SUSE Bug 1250249 for CVE-2025-39861",
"url": "https://bugzilla.suse.com/1250249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39861"
},
{
"cve": "CVE-2025-39863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work\n\nThe brcmf_btcoex_detach() only shuts down the btcoex timer, if the\nflag timer_on is false. However, the brcmf_btcoex_timerfunc(), which\nruns as timer handler, sets timer_on to false. This creates critical\nrace conditions:\n\n1.If brcmf_btcoex_detach() is called while brcmf_btcoex_timerfunc()\nis executing, it may observe timer_on as false and skip the call to\ntimer_shutdown_sync().\n\n2.The brcmf_btcoex_timerfunc() may then reschedule the brcmf_btcoex_info\nworker after the cancel_work_sync() has been executed, resulting in\nuse-after-free bugs.\n\nThe use-after-free bugs occur in two distinct scenarios, depending on\nthe timing of when the brcmf_btcoex_info struct is freed relative to\nthe execution of its worker thread.\n\nScenario 1: Freed before the worker is scheduled\n\nThe brcmf_btcoex_info is deallocated before the worker is scheduled.\nA race condition can occur when schedule_work(\u0026bt_local-\u003ework) is\ncalled after the target memory has been freed. The sequence of events\nis detailed below:\n\nCPU0 | CPU1\nbrcmf_btcoex_detach | brcmf_btcoex_timerfunc\n | bt_local-\u003etimer_on = false;\n if (cfg-\u003ebtcoex-\u003etimer_on) |\n ... |\n cancel_work_sync(); |\n ... |\n kfree(cfg-\u003ebtcoex); // FREE |\n | schedule_work(\u0026bt_local-\u003ework); // USE\n\nScenario 2: Freed after the worker is scheduled\n\nThe brcmf_btcoex_info is freed after the worker has been scheduled\nbut before or during its execution. In this case, statements within\nthe brcmf_btcoex_handler() - such as the container_of macro and\nsubsequent dereferences of the brcmf_btcoex_info object will cause\na use-after-free access. The following timeline illustrates this\nscenario:\n\nCPU0 | CPU1\nbrcmf_btcoex_detach | brcmf_btcoex_timerfunc\n | bt_local-\u003etimer_on = false;\n if (cfg-\u003ebtcoex-\u003etimer_on) |\n ... |\n cancel_work_sync(); |\n ... | schedule_work(); // Reschedule\n |\n kfree(cfg-\u003ebtcoex); // FREE | brcmf_btcoex_handler() // Worker\n /* | btci = container_of(....); // USE\n The kfree() above could | ...\n also occur at any point | btci-\u003e // USE\n during the worker\u0027s execution|\n */ |\n\nTo resolve the race conditions, drop the conditional check and call\ntimer_shutdown_sync() directly. It can deactivate the timer reliably,\nregardless of its current state. Once stopped, the timer_on state is\nthen set to false.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39863",
"url": "https://www.suse.com/security/cve/CVE-2025-39863"
},
{
"category": "external",
"summary": "SUSE Bug 1250281 for CVE-2025-39863",
"url": "https://bugzilla.suse.com/1250281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39863"
},
{
"cve": "CVE-2025-39864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix use-after-free in cmp_bss()\n\nFollowing bss_free() quirk introduced in commit 776b3580178f\n(\"cfg80211: track hidden SSID networks properly\"), adjust\ncfg80211_update_known_bss() to free the last beacon frame\nelements only if they\u0027re not shared via the corresponding\n\u0027hidden_beacon_bss\u0027 pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39864",
"url": "https://www.suse.com/security/cve/CVE-2025-39864"
},
{
"category": "external",
"summary": "SUSE Bug 1250242 for CVE-2025-39864",
"url": "https://bugzilla.suse.com/1250242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39864"
},
{
"cve": "CVE-2025-39865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: fix NULL pointer dereference in tee_shm_put\n\ntee_shm_put have NULL pointer dereference:\n\n__optee_disable_shm_cache --\u003e\n\tshm = reg_pair_to_ptr(...);//shm maybe return NULL\n tee_shm_free(shm); --\u003e\n\t\ttee_shm_put(shm);//crash\n\nAdd check in tee_shm_put to fix it.\n\npanic log:\nUnable to handle kernel paging request at virtual address 0000000000100cca\nMem abort info:\nESR = 0x0000000096000004\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x04: level 0 translation fault\nData abort info:\nISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000002049d07000\n[0000000000100cca] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] SMP\nCPU: 2 PID: 14442 Comm: systemd-sleep Tainted: P OE ------- ----\n6.6.0-39-generic #38\nSource Version: 938b255f6cb8817c95b0dd5c8c2944acfce94b07\nHardware name: greatwall GW-001Y1A-FTH, BIOS Great Wall BIOS V3.0\n10/26/2022\npstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : tee_shm_put+0x24/0x188\nlr : tee_shm_free+0x14/0x28\nsp : ffff001f98f9faf0\nx29: ffff001f98f9faf0 x28: ffff0020df543cc0 x27: 0000000000000000\nx26: ffff001f811344a0 x25: ffff8000818dac00 x24: ffff800082d8d048\nx23: ffff001f850fcd18 x22: 0000000000000001 x21: ffff001f98f9fb88\nx20: ffff001f83e76218 x19: ffff001f83e761e0 x18: 000000000000ffff\nx17: 303a30303a303030 x16: 0000000000000000 x15: 0000000000000003\nx14: 0000000000000001 x13: 0000000000000000 x12: 0101010101010101\nx11: 0000000000000001 x10: 0000000000000001 x9 : ffff800080e08d0c\nx8 : ffff001f98f9fb88 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffff001f83e761e0 x1 : 00000000ffff001f x0 : 0000000000100cca\nCall trace:\ntee_shm_put+0x24/0x188\ntee_shm_free+0x14/0x28\n__optee_disable_shm_cache+0xa8/0x108\noptee_shutdown+0x28/0x38\nplatform_shutdown+0x28/0x40\ndevice_shutdown+0x144/0x2b0\nkernel_power_off+0x3c/0x80\nhibernate+0x35c/0x388\nstate_store+0x64/0x80\nkobj_attr_store+0x14/0x28\nsysfs_kf_write+0x48/0x60\nkernfs_fop_write_iter+0x128/0x1c0\nvfs_write+0x270/0x370\nksys_write+0x6c/0x100\n__arm64_sys_write+0x20/0x30\ninvoke_syscall+0x4c/0x120\nel0_svc_common.constprop.0+0x44/0xf0\ndo_el0_svc+0x24/0x38\nel0_svc+0x24/0x88\nel0t_64_sync_handler+0x134/0x150\nel0t_64_sync+0x14c/0x15",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39865",
"url": "https://www.suse.com/security/cve/CVE-2025-39865"
},
{
"category": "external",
"summary": "SUSE Bug 1250294 for CVE-2025-39865",
"url": "https://bugzilla.suse.com/1250294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39865"
},
{
"cve": "CVE-2025-39869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Fix memory allocation size for queue_priority_map\n\nFix a critical memory allocation bug in edma_setup_from_hw() where\nqueue_priority_map was allocated with insufficient memory. The code\ndeclared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8),\nbut allocated memory using sizeof(s8) instead of the correct size.\n\nThis caused out-of-bounds memory writes when accessing:\n queue_priority_map[i][0] = i;\n queue_priority_map[i][1] = i;\n\nThe bug manifested as kernel crashes with \"Oops - undefined instruction\"\non ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the\nmemory corruption triggered kernel hardening features on Clang.\n\nChange the allocation to use sizeof(*queue_priority_map) which\nautomatically gets the correct size for the 2D array structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39869",
"url": "https://www.suse.com/security/cve/CVE-2025-39869"
},
{
"category": "external",
"summary": "SUSE Bug 1250406 for CVE-2025-39869",
"url": "https://bugzilla.suse.com/1250406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39869"
},
{
"cve": "CVE-2025-39870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix double free in idxd_setup_wqs()\n\nThe clean up in idxd_setup_wqs() has had a couple bugs because the error\nhandling is a bit subtle. It\u0027s simpler to just re-write it in a cleaner\nway. The issues here are:\n\n1) If \"idxd-\u003emax_wqs\" is \u003c= 0 then we call put_device(conf_dev) when\n \"conf_dev\" hasn\u0027t been initialized.\n2) If kzalloc_node() fails then again \"conf_dev\" is invalid. It\u0027s\n either uninitialized or it points to the \"conf_dev\" from the\n previous iteration so it leads to a double free.\n\nIt\u0027s better to free partial loop iterations within the loop and then\nthe unwinding at the end can handle whole loop iterations. I also\nrenamed the labels to describe what the goto does and not where the goto\nwas located.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39870",
"url": "https://www.suse.com/security/cve/CVE-2025-39870"
},
{
"category": "external",
"summary": "SUSE Bug 1250402 for CVE-2025-39870",
"url": "https://bugzilla.suse.com/1250402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39870"
},
{
"cve": "CVE-2025-39871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Remove improper idxd_free\n\nThe call to idxd_free() introduces a duplicate put_device() leading to a\nreference count underflow:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 15 PID: 4428 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n idxd_remove+0xe4/0x120 [idxd]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x197/0x200\n driver_detach+0x48/0x90\n bus_remove_driver+0x74/0xf0\n pci_unregister_driver+0x2e/0xb0\n idxd_exit_module+0x34/0x7a0 [idxd]\n __do_sys_delete_module.constprop.0+0x183/0x280\n do_syscall_64+0x54/0xd70\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe idxd_unregister_devices() which is invoked at the very beginning of\nidxd_remove(), already takes care of the necessary put_device() through the\nfollowing call path:\nidxd_unregister_devices() -\u003e device_unregister() -\u003e put_device()\n\nIn addition, when CONFIG_DEBUG_KOBJECT_RELEASE is enabled, put_device() may\ntrigger asynchronous cleanup via schedule_delayed_work(). If idxd_free() is\ncalled immediately after, it can result in a use-after-free.\n\nRemove the improper idxd_free() to avoid both the refcount underflow and\npotential memory corruption during module unload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39871",
"url": "https://www.suse.com/security/cve/CVE-2025-39871"
},
{
"category": "external",
"summary": "SUSE Bug 1250377 for CVE-2025-39871",
"url": "https://bugzilla.suse.com/1250377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39871"
},
{
"cve": "CVE-2025-39873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB\n\ncan_put_echo_skb() takes ownership of the SKB and it may be freed\nduring or after the call.\n\nHowever, xilinx_can xcan_write_frame() keeps using SKB after the call.\n\nFix that by only calling can_put_echo_skb() after the code is done\ntouching the SKB.\n\nThe tx_lock is held for the entire xcan_write_frame() execution and\nalso on the can_get_echo_skb() side so the order of operations does not\nmatter.\n\nAn earlier fix commit 3d3c817c3a40 (\"can: xilinx_can: Fix usage of skb\nmemory\") did not move the can_put_echo_skb() call far enough.\n\n[mkl: add \"commit\" in front of sha1 in patch description]\n[mkl: fix indention]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39873",
"url": "https://www.suse.com/security/cve/CVE-2025-39873"
},
{
"category": "external",
"summary": "SUSE Bug 1250371 for CVE-2025-39873",
"url": "https://bugzilla.suse.com/1250371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39873"
},
{
"cve": "CVE-2025-39875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix NULL pointer dereference in ethtool loopback test\n\nThe igb driver currently causes a NULL pointer dereference when executing\nthe ethtool loopback test. This occurs because there is no associated\nq_vector for the test ring when it is set up, as interrupts are typically\nnot added to the test rings.\n\nSince commit 5ef44b3cb43b removed the napi_id assignment in\n__xdp_rxq_info_reg(), there is no longer a need to pass a napi_id to it.\nTherefore, simply use 0 as the last parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39875",
"url": "https://www.suse.com/security/cve/CVE-2025-39875"
},
{
"category": "external",
"summary": "SUSE Bug 1250398 for CVE-2025-39875",
"url": "https://bugzilla.suse.com/1250398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39875"
},
{
"cve": "CVE-2025-39877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix use-after-free in state_show()\n\nstate_show() reads kdamond-\u003edamon_ctx without holding damon_sysfs_lock. \nThis allows a use-after-free race:\n\nCPU 0 CPU 1\n----- -----\nstate_show() damon_sysfs_turn_damon_on()\nctx = kdamond-\u003edamon_ctx; mutex_lock(\u0026damon_sysfs_lock);\n damon_destroy_ctx(kdamond-\u003edamon_ctx);\n kdamond-\u003edamon_ctx = NULL;\n mutex_unlock(\u0026damon_sysfs_lock);\ndamon_is_running(ctx); /* ctx is freed */\nmutex_lock(\u0026ctx-\u003ekdamond_lock); /* UAF */\n\n(The race can also occur with damon_sysfs_kdamonds_rm_dirs() and\ndamon_sysfs_kdamond_release(), which free or replace the context under\ndamon_sysfs_lock.)\n\nFix by taking damon_sysfs_lock before dereferencing the context, mirroring\nthe locking used in pid_show().\n\nThe bug has existed since state_show() first accessed kdamond-\u003edamon_ctx.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39877",
"url": "https://www.suse.com/security/cve/CVE-2025-39877"
},
{
"category": "external",
"summary": "SUSE Bug 1250408 for CVE-2025-39877",
"url": "https://bugzilla.suse.com/1250408"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39877"
},
{
"cve": "CVE-2025-39882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: fix potential OF node use-after-free\n\nThe for_each_child_of_node() helper drops the reference it takes to each\nnode as it iterates over children and an explicit of_node_put() is only\nneeded when exiting the loop early.\n\nDrop the recently introduced bogus additional reference count decrement\nat each iteration that could potentially lead to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39882",
"url": "https://www.suse.com/security/cve/CVE-2025-39882"
},
{
"category": "external",
"summary": "SUSE Bug 1250389 for CVE-2025-39882",
"url": "https://bugzilla.suse.com/1250389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39882"
},
{
"cve": "CVE-2025-39884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix subvolume deletion lockup caused by inodes xarray race\n\nThere is a race condition between inode eviction and inode caching that\ncan cause a live struct btrfs_inode to be missing from the root-\u003einodes\nxarray. Specifically, there is a window during evict() between the inode\nbeing unhashed and deleted from the xarray. If btrfs_iget() is called\nfor the same inode in that window, it will be recreated and inserted\ninto the xarray, but then eviction will delete the new entry, leaving\nnothing in the xarray:\n\nThread 1 Thread 2\n---------------------------------------------------------------\nevict()\n remove_inode_hash()\n btrfs_iget_path()\n btrfs_iget_locked()\n btrfs_read_locked_inode()\n btrfs_add_inode_to_root()\n destroy_inode()\n btrfs_destroy_inode()\n btrfs_del_inode_from_root()\n __xa_erase\n\nIn turn, this can cause issues for subvolume deletion. Specifically, if\nan inode is in this lost state, and all other inodes are evicted, then\nbtrfs_del_inode_from_root() will call btrfs_add_dead_root() prematurely.\nIf the lost inode has a delayed_node attached to it, then when\nbtrfs_clean_one_deleted_snapshot() calls btrfs_kill_all_delayed_nodes(),\nit will loop forever because the delayed_nodes xarray will never become\nempty (unless memory pressure forces the inode out). We saw this\nmanifest as soft lockups in production.\n\nFix it by only deleting the xarray entry if it matches the given inode\n(using __xa_cmpxchg()).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39884",
"url": "https://www.suse.com/security/cve/CVE-2025-39884"
},
{
"category": "external",
"summary": "SUSE Bug 1250386 for CVE-2025-39884",
"url": "https://bugzilla.suse.com/1250386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39884"
},
{
"cve": "CVE-2025-39885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix recursive semaphore deadlock in fiemap call\n\nsyzbot detected a OCFS2 hang due to a recursive semaphore on a\nFS_IOC_FIEMAP of the extent list on a specially crafted mmap file.\n\ncontext_switch kernel/sched/core.c:5357 [inline]\n __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961\n __schedule_loop kernel/sched/core.c:7043 [inline]\n schedule+0x165/0x360 kernel/sched/core.c:7058\n schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115\n rwsem_down_write_slowpath+0x872/0xfe0 kernel/locking/rwsem.c:1185\n __down_write_common kernel/locking/rwsem.c:1317 [inline]\n __down_write kernel/locking/rwsem.c:1326 [inline]\n down_write+0x1ab/0x1f0 kernel/locking/rwsem.c:1591\n ocfs2_page_mkwrite+0x2ff/0xc40 fs/ocfs2/mmap.c:142\n do_page_mkwrite+0x14d/0x310 mm/memory.c:3361\n wp_page_shared mm/memory.c:3762 [inline]\n do_wp_page+0x268d/0x5800 mm/memory.c:3981\n handle_pte_fault mm/memory.c:6068 [inline]\n __handle_mm_fault+0x1033/0x5440 mm/memory.c:6195\n handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364\n do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387\n handle_page_fault arch/x86/mm/fault.c:1476 [inline]\n exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532\n asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623\nRIP: 0010:copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]\nRIP: 0010:raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]\nRIP: 0010:_inline_copy_to_user include/linux/uaccess.h:197 [inline]\nRIP: 0010:_copy_to_user+0x85/0xb0 lib/usercopy.c:26\nCode: e8 00 bc f7 fc 4d 39 fc 72 3d 4d 39 ec 77 38 e8 91 b9 f7 fc 4c 89\nf7 89 de e8 47 25 5b fd 0f 01 cb 4c 89 ff 48 89 d9 4c 89 f6 \u003cf3\u003e a4 0f\n1f 00 48 89 cb 0f 01 ca 48 89 d8 5b 41 5c 41 5d 41 5e 41\nRSP: 0018:ffffc9000403f950 EFLAGS: 00050256\nRAX: ffffffff84c7f101 RBX: 0000000000000038 RCX: 0000000000000038\nRDX: 0000000000000000 RSI: ffffc9000403f9e0 RDI: 0000200000000060\nRBP: ffffc9000403fa90 R08: ffffc9000403fa17 R09: 1ffff92000807f42\nR10: dffffc0000000000 R11: fffff52000807f43 R12: 0000200000000098\nR13: 00007ffffffff000 R14: ffffc9000403f9e0 R15: 0000200000000060\n copy_to_user include/linux/uaccess.h:225 [inline]\n fiemap_fill_next_extent+0x1c0/0x390 fs/ioctl.c:145\n ocfs2_fiemap+0x888/0xc90 fs/ocfs2/extent_map.c:806\n ioctl_fiemap fs/ioctl.c:220 [inline]\n do_vfs_ioctl+0x1173/0x1430 fs/ioctl.c:532\n __do_sys_ioctl fs/ioctl.c:596 [inline]\n __se_sys_ioctl+0x82/0x170 fs/ioctl.c:584\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f5f13850fd9\nRSP: 002b:00007ffe3b3518b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f5f13850fd9\nRDX: 0000200000000040 RSI: 00000000c020660b RDI: 0000000000000004\nRBP: 6165627472616568 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe3b3518f0\nR13: 00007ffe3b351b18 R14: 431bde82d7b634db R15: 00007f5f1389a03b\n\nocfs2_fiemap() takes a read lock of the ip_alloc_sem semaphore (since\nv2.6.22-527-g7307de80510a) and calls fiemap_fill_next_extent() to read the\nextent list of this running mmap executable. The user supplied buffer to\nhold the fiemap information page faults calling ocfs2_page_mkwrite() which\nwill take a write lock (since v2.6.27-38-g00dc417fa3e7) of the same\nsemaphore. This recursive semaphore will hold filesystem locks and causes\na hang of the fileystem.\n\nThe ip_alloc_sem protects the inode extent list and size. Release the\nread semphore before calling fiemap_fill_next_extent() in ocfs2_fiemap()\nand ocfs2_fiemap_inline(). This does an unnecessary semaphore lock/unlock\non the last extent but simplifies the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39885",
"url": "https://www.suse.com/security/cve/CVE-2025-39885"
},
{
"category": "external",
"summary": "SUSE Bug 1250407 for CVE-2025-39885",
"url": "https://bugzilla.suse.com/1250407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39885"
},
{
"cve": "CVE-2025-39889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: l2cap: Check encryption key size on incoming connection\n\nThis is required for passing GAP/SEC/SEM/BI-04-C PTS test case:\n Security Mode 4 Level 4, Responder - Invalid Encryption Key Size\n - 128 bit\n\nThis tests the security key with size from 1 to 15 bytes while the\nSecurity Mode 4 Level 4 requests 16 bytes key size.\n\nCurrently PTS fails with the following logs:\n- expected:Connection Response:\n Code: [3 (0x03)] Code\n Identifier: (lt)WildCard: Exists(gt)\n Length: [8 (0x0008)]\n Destination CID: (lt)WildCard: Exists(gt)\n Source CID: [64 (0x0040)]\n Result: [3 (0x0003)] Connection refused - Security block\n Status: (lt)WildCard: Exists(gt),\nbut received:Connection Response:\n Code: [3 (0x03)] Code\n Identifier: [1 (0x01)]\n Length: [8 (0x0008)]\n Destination CID: [64 (0x0040)]\n Source CID: [64 (0x0040)]\n Result: [0 (0x0000)] Connection Successful\n Status: [0 (0x0000)] No further information available\n\nAnd HCI logs:\n\u003c HCI Command: Read Encrypti.. (0x05|0x0008) plen 2\n Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)\n\u003e HCI Event: Command Complete (0x0e) plen 7\n Read Encryption Key Size (0x05|0x0008) ncmd 1\n Status: Success (0x00)\n Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)\n Key size: 7\n\u003e ACL Data RX: Handle 14 flags 0x02 dlen 12\n L2CAP: Connection Request (0x02) ident 1 len 4\n PSM: 4097 (0x1001)\n Source CID: 64\n\u003c ACL Data TX: Handle 14 flags 0x00 dlen 16\n L2CAP: Connection Response (0x03) ident 1 len 8\n Destination CID: 64\n Source CID: 64\n Result: Connection successful (0x0000)\n Status: No further information available (0x0000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39889",
"url": "https://www.suse.com/security/cve/CVE-2025-39889"
},
{
"category": "external",
"summary": "SUSE Bug 1249833 for CVE-2025-39889",
"url": "https://bugzilla.suse.com/1249833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39889"
},
{
"cve": "CVE-2025-39890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix memory leak in ath12k_service_ready_ext_event\n\nCurrently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps\nis not freed in the failure case, causing a memory leak. The following\ntrace is observed in kmemleak:\n\nunreferenced object 0xffff8b3eb5789c00 (size 1024):\n comm \"softirq\", pid 0, jiffies 4294942577\n hex dump (first 32 bytes):\n 00 00 00 00 01 00 00 00 00 00 00 00 7b 00 00 10 ............{...\n 01 00 00 00 00 00 00 00 01 00 00 00 1f 38 00 00 .............8..\n backtrace (crc 44e1c357):\n __kmalloc_noprof+0x30b/0x410\n ath12k_wmi_mac_phy_caps_parse+0x84/0x100 [ath12k]\n ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k]\n ath12k_wmi_svc_rdy_ext_parse+0x308/0x4c0 [ath12k]\n ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k]\n ath12k_service_ready_ext_event.isra.0+0x44/0xd0 [ath12k]\n ath12k_wmi_op_rx+0x2eb/0xd70 [ath12k]\n ath12k_htc_rx_completion_handler+0x1f4/0x330 [ath12k]\n ath12k_ce_recv_process_cb+0x218/0x300 [ath12k]\n ath12k_pci_ce_workqueue+0x1b/0x30 [ath12k]\n process_one_work+0x219/0x680\n bh_worker+0x198/0x1f0\n tasklet_action+0x13/0x30\n handle_softirqs+0xca/0x460\n __irq_exit_rcu+0xbe/0x110\n irq_exit_rcu+0x9/0x30\n\nFree svc_rdy_ext.mac_phy_caps in the error case to fix this memory leak.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39890",
"url": "https://www.suse.com/security/cve/CVE-2025-39890"
},
{
"category": "external",
"summary": "SUSE Bug 1250334 for CVE-2025-39890",
"url": "https://bugzilla.suse.com/1250334"
},
{
"category": "external",
"summary": "SUSE Bug 1250488 for CVE-2025-39890",
"url": "https://bugzilla.suse.com/1250488"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39890"
},
{
"cve": "CVE-2025-39891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Initialize the chan_stats array to zero\n\nThe adapter-\u003echan_stats[] array is initialized in\nmwifiex_init_channel_scan_gap() with vmalloc(), which doesn\u0027t zero out\nmemory. The array is filled in mwifiex_update_chan_statistics()\nand then the user can query the data in mwifiex_cfg80211_dump_survey().\n\nThere are two potential issues here. What if the user calls\nmwifiex_cfg80211_dump_survey() before the data has been filled in.\nAlso the mwifiex_update_chan_statistics() function doesn\u0027t necessarily\ninitialize the whole array. Since the array was not initialized at\nthe start that could result in an information leak.\n\nAlso this array is pretty small. It\u0027s a maximum of 900 bytes so it\u0027s\nmore appropriate to use kcalloc() instead vmalloc().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39891",
"url": "https://www.suse.com/security/cve/CVE-2025-39891"
},
{
"category": "external",
"summary": "SUSE Bug 1250712 for CVE-2025-39891",
"url": "https://bugzilla.suse.com/1250712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39891"
},
{
"cve": "CVE-2025-39896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39896"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Prevent recovery work from being queued during device removal\n\nUse disable_work_sync() instead of cancel_work_sync() in ivpu_dev_fini()\nto ensure that no new recovery work items can be queued after device\nremoval has started. Previously, recovery work could be scheduled even\nafter canceling existing work, potentially leading to use-after-free\nbugs if recovery accessed freed resources.\n\nRename ivpu_pm_cancel_recovery() to ivpu_pm_disable_recovery() to better\nreflect its new behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39896",
"url": "https://www.suse.com/security/cve/CVE-2025-39896"
},
{
"category": "external",
"summary": "SUSE Bug 1250716 for CVE-2025-39896",
"url": "https://bugzilla.suse.com/1250716"
},
{
"category": "external",
"summary": "SUSE Bug 1250717 for CVE-2025-39896",
"url": "https://bugzilla.suse.com/1250717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39896"
},
{
"cve": "CVE-2025-39898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39898"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39898",
"url": "https://www.suse.com/security/cve/CVE-2025-39898"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250742 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "external",
"summary": "SUSE Bug 1250744 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250744"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "important"
}
],
"title": "CVE-2025-39898"
},
{
"cve": "CVE-2025-39899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE\n\nWith CONFIG_HIGHPTE on 32-bit ARM, move_pages_pte() maps PTE pages using\nkmap_local_page(), which requires unmapping in Last-In-First-Out order.\n\nThe current code maps dst_pte first, then src_pte, but unmaps them in the\nsame order (dst_pte, src_pte), violating the LIFO requirement. This\ncauses the warning in kunmap_local_indexed():\n\n WARNING: CPU: 0 PID: 604 at mm/highmem.c:622 kunmap_local_indexed+0x178/0x17c\n addr \\!= __fix_to_virt(FIX_KMAP_BEGIN + idx)\n\nFix this by reversing the unmap order to respect LIFO ordering.\n\nThis issue follows the same pattern as similar fixes:\n- commit eca6828403b8 (\"crypto: skcipher - fix mismatch between mapping and unmapping order\")\n- commit 8cf57c6df818 (\"nilfs2: eliminate staggered calls to kunmap in nilfs_rename\")\n\nBoth of which addressed the same fundamental requirement that kmap_local\noperations must follow LIFO ordering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39899",
"url": "https://www.suse.com/security/cve/CVE-2025-39899"
},
{
"category": "external",
"summary": "SUSE Bug 1250739 for CVE-2025-39899",
"url": "https://bugzilla.suse.com/1250739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39899"
},
{
"cve": "CVE-2025-39900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y\n\nsyzbot reported a WARNING in est_timer() [1]\n\nProblem here is that with CONFIG_PREEMPT_RT=y, timer callbacks\ncan be preempted.\n\nAdopt preempt_disable_nested()/preempt_enable_nested() to fix this.\n\n[1]\n WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 __seqprop_assert include/linux/seqlock.h:221 [inline]\n WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 est_timer+0x6dc/0x9f0 net/core/gen_estimator.c:93\nModules linked in:\nCPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:__seqprop_assert include/linux/seqlock.h:221 [inline]\n RIP: 0010:est_timer+0x6dc/0x9f0 net/core/gen_estimator.c:93\nCall Trace:\n \u003cTASK\u003e\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22c/0x710 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1043\n smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:160\n kthread+0x70e/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39900",
"url": "https://www.suse.com/security/cve/CVE-2025-39900"
},
{
"category": "external",
"summary": "SUSE Bug 1250758 for CVE-2025-39900",
"url": "https://bugzilla.suse.com/1250758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39900"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer\n\nAvoid below overlapping mappings by using a contiguous\nnon-cacheable buffer.\n\n[ 4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST,\noverlapping mappings aren\u0027t supported\n[ 4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 add_dma_entry+0x23c/0x300\n[ 4.097071] Modules linked in:\n[ 4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 6.1.82 #1\n[ 4.106346] Hardware name: STMicroelectronics STM32MP257F VALID1 SNOR / MB1704 (LPDDR4 Power discrete) + MB1703 + MB1708 (SNOR MB1730) (DT)\n[ 4.118824] Workqueue: events_unbound deferred_probe_work_func\n[ 4.124674] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.131624] pc : add_dma_entry+0x23c/0x300\n[ 4.135658] lr : add_dma_entry+0x23c/0x300\n[ 4.139792] sp : ffff800009dbb490\n[ 4.143016] x29: ffff800009dbb4a0 x28: 0000000004008022 x27: ffff8000098a6000\n[ 4.150174] x26: 0000000000000000 x25: ffff8000099e7000 x24: ffff8000099e7de8\n[ 4.157231] x23: 00000000ffffffff x22: 0000000000000000 x21: ffff8000098a6a20\n[ 4.164388] x20: ffff000080964180 x19: ffff800009819ba0 x18: 0000000000000006\n[ 4.171545] x17: 6361727420656e69 x16: 6c6568636163203a x15: 72656c6c6f72746e\n[ 4.178602] x14: 6f632d646e616e2e x13: ffff800009832f58 x12: 00000000000004ec\n[ 4.185759] x11: 00000000000001a4 x10: ffff80000988af58 x9 : ffff800009832f58\n[ 4.192916] x8 : 00000000ffffefff x7 : ffff80000988af58 x6 : 80000000fffff000\n[ 4.199972] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 4.207128] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000812d2c40\n[ 4.214185] Call trace:\n[ 4.216605] add_dma_entry+0x23c/0x300\n[ 4.220338] debug_dma_map_sg+0x198/0x350\n[ 4.224373] __dma_map_sg_attrs+0xa0/0x110\n[ 4.228411] dma_map_sg_attrs+0x10/0x2c\n[ 4.232247] stm32_fmc2_nfc_xfer.isra.0+0x1c8/0x3fc\n[ 4.237088] stm32_fmc2_nfc_seq_read_page+0xc8/0x174\n[ 4.242127] nand_read_oob+0x1d4/0x8e0\n[ 4.245861] mtd_read_oob_std+0x58/0x84\n[ 4.249596] mtd_read_oob+0x90/0x150\n[ 4.253231] mtd_read+0x68/0xac",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39907",
"url": "https://www.suse.com/security/cve/CVE-2025-39907"
},
{
"category": "external",
"summary": "SUSE Bug 1250713 for CVE-2025-39907",
"url": "https://bugzilla.suse.com/1250713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39907"
},
{
"cve": "CVE-2025-39909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()\n\nPatch series \"mm/damon: avoid divide-by-zero in DAMON module\u0027s parameters\napplication\".\n\nDAMON\u0027s RECLAIM and LRU_SORT modules perform no validation on\nuser-configured parameters during application, which may lead to\ndivision-by-zero errors.\n\nAvoid the divide-by-zero by adding validation checks when DAMON modules\nattempt to apply the parameters.\n\n\nThis patch (of 2):\n\nDuring the calculation of \u0027hot_thres\u0027 and \u0027cold_thres\u0027, either\n\u0027sample_interval\u0027 or \u0027aggr_interval\u0027 is used as the divisor, which may\nlead to division-by-zero errors. Fix it by directly returning -EINVAL\nwhen such a case occurs. Additionally, since \u0027aggr_interval\u0027 is already\nrequired to be set no smaller than \u0027sample_interval\u0027 in damon_set_attrs(),\nonly the case where \u0027sample_interval\u0027 is zero needs to be checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39909",
"url": "https://www.suse.com/security/cve/CVE-2025-39909"
},
{
"category": "external",
"summary": "SUSE Bug 1250711 for CVE-2025-39909",
"url": "https://bugzilla.suse.com/1250711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39909"
},
{
"cve": "CVE-2025-39916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()\n\nWhen creating a new scheme of DAMON_RECLAIM, the calculation of\n\u0027min_age_region\u0027 uses \u0027aggr_interval\u0027 as the divisor, which may lead to\ndivision-by-zero errors. Fix it by directly returning -EINVAL when such a\ncase occurs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39916",
"url": "https://www.suse.com/security/cve/CVE-2025-39916"
},
{
"category": "external",
"summary": "SUSE Bug 1250719 for CVE-2025-39916",
"url": "https://bugzilla.suse.com/1250719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39916"
},
{
"cve": "CVE-2025-39918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: fix linked list corruption\n\nNever leave scheduled wcid entries on the temporary on-stack list",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39918",
"url": "https://www.suse.com/security/cve/CVE-2025-39918"
},
{
"category": "external",
"summary": "SUSE Bug 1250729 for CVE-2025-39918",
"url": "https://bugzilla.suse.com/1250729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39918"
},
{
"cve": "CVE-2025-39922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix incorrect map used in eee linkmode\n\nincorrectly used ixgbe_lp_map in loops intended to populate the\nsupported and advertised EEE linkmode bitmaps based on ixgbe_ls_map.\nThis results in incorrect bit setting and potential out-of-bounds\naccess, since ixgbe_lp_map and ixgbe_ls_map have different sizes\nand purposes.\n\nixgbe_lp_map[i] -\u003e ixgbe_ls_map[i]\n\nUse ixgbe_ls_map for supported and advertised linkmodes, and keep\nixgbe_lp_map usage only for link partner (lp_advertised) mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39922",
"url": "https://www.suse.com/security/cve/CVE-2025-39922"
},
{
"category": "external",
"summary": "SUSE Bug 1250722 for CVE-2025-39922",
"url": "https://bugzilla.suse.com/1250722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39922"
},
{
"cve": "CVE-2025-39923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees\n\nWhen we don\u0027t have a clock specified in the device tree, we have no way to\nensure the BAM is on. This is often the case for remotely-controlled or\nremotely-powered BAM instances. In this case, we need to read num-channels\nfrom the DT to have all the necessary information to complete probing.\n\nHowever, at the moment invalid device trees without clock and without\nnum-channels still continue probing, because the error handling is missing\nreturn statements. The driver will then later try to read the number of\nchannels from the registers. This is unsafe, because it relies on boot\nfirmware and lucky timing to succeed. Unfortunately, the lack of proper\nerror handling here has been abused for several Qualcomm SoCs upstream,\ncausing early boot crashes in several situations [1, 2].\n\nAvoid these early crashes by erroring out when any of the required DT\nproperties are missing. Note that this will break some of the existing DTs\nupstream (mainly BAM instances related to the crypto engine). However,\nclearly these DTs have never been tested properly, since the error in the\nkernel log was just ignored. It\u0027s safer to disable the crypto engine for\nthese broken DTBs.\n\n[1]: https://lore.kernel.org/r/CY01EKQVWE36.B9X5TDXAREPF@fairphone.com/\n[2]: https://lore.kernel.org/r/20230626145959.646747-1-krzysztof.kozlowski@linaro.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39923",
"url": "https://www.suse.com/security/cve/CVE-2025-39923"
},
{
"category": "external",
"summary": "SUSE Bug 1250741 for CVE-2025-39923",
"url": "https://bugzilla.suse.com/1250741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39923"
},
{
"cve": "CVE-2025-39925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: implement NETDEV_UNREGISTER notification handler\n\nsyzbot is reporting\n\n unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\nproblem, for j1939 protocol did not have NETDEV_UNREGISTER notification\nhandler for undoing changes made by j1939_sk_bind().\n\nCommit 25fe97cb7620 (\"can: j1939: move j1939_priv_put() into sk_destruct\ncallback\") expects that a call to j1939_priv_put() can be unconditionally\ndelayed until j1939_sk_sock_destruct() is called. But we need to call\nj1939_priv_put() against an extra ref held by j1939_sk_bind() call\n(as a part of undoing changes made by j1939_sk_bind()) as soon as\nNETDEV_UNREGISTER notification fires (i.e. before j1939_sk_sock_destruct()\nis called via j1939_sk_release()). Otherwise, the extra ref on \"struct\nj1939_priv\" held by j1939_sk_bind() call prevents \"struct net_device\" from\ndropping the usage count to 1; making it impossible for\nunregister_netdevice() to continue.\n\n[mkl: remove space in front of label]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39925",
"url": "https://www.suse.com/security/cve/CVE-2025-39925"
},
{
"category": "external",
"summary": "SUSE Bug 1250736 for CVE-2025-39925",
"url": "https://bugzilla.suse.com/1250736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39925"
},
{
"cve": "CVE-2025-39926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenetlink: fix genl_bind() invoking bind() after -EPERM\n\nPer family bind/unbind callbacks were introduced to allow families\nto track multicast group consumer presence, e.g. to start or stop\nproducing events depending on listeners.\n\nHowever, in genl_bind() the bind() callback was invoked even if\ncapability checks failed and ret was set to -EPERM. This means that\ncallbacks could run on behalf of unauthorized callers while the\nsyscall still returned failure to user space.\n\nFix this by only invoking bind() after \"if (ret) break;\" check\ni.e. after permission checks have succeeded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39926",
"url": "https://www.suse.com/security/cve/CVE-2025-39926"
},
{
"category": "external",
"summary": "SUSE Bug 1250737 for CVE-2025-39926",
"url": "https://bugzilla.suse.com/1250737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39926"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-40300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmscape: Add conditional IBPB mitigation\n\nVMSCAPE is a vulnerability that exploits insufficient branch predictor\nisolation between a guest and a userspace hypervisor (like QEMU). Existing\nmitigations already protect kernel/KVM from a malicious guest. Userspace\ncan additionally be protected by flushing the branch predictors after a\nVMexit.\n\nSince it is the userspace that consumes the poisoned branch predictors,\nconditionally issue an IBPB after a VMexit and before returning to\nuserspace. Workloads that frequently switch between hypervisor and\nuserspace will incur the most overhead from the new IBPB.\n\nThis new IBPB is not integrated with the existing IBPB sites. For\ninstance, a task can use the existing speculation control prctl() to\nget an IBPB at context switch time. With this implementation, the\nIBPB is doubled up: one at context switch and another before running\nuserspace.\n\nThe intent is to integrate and optimize these cases post-embargo.\n\n[ dhansen: elaborate on suboptimal IBPB solution ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40300",
"url": "https://www.suse.com/security/cve/CVE-2025-40300"
},
{
"category": "external",
"summary": "SUSE Bug 1249561 for CVE-2025-40300",
"url": "https://bugzilla.suse.com/1249561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40300"
},
{
"cve": "CVE-2026-38264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-38264"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-38264",
"url": "https://www.suse.com/security/cve/CVE-2026-38264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:cluster-md-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:dlm-kmp-default-6.12.0-160000.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:gfs2-kmp-default-6.12.0-160000.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T07:34:55Z",
"details": "not set"
}
],
"title": "CVE-2026-38264"
}
]
}
SUSE-SU-2025:21139-1
Vulnerability from csaf_suse - Published: 2025-11-25 07:34 - Updated: 2025-11-25 07:34Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953).
- CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108).
- CVE-2024-57952: Revert "libfs: fix infinite directory reads for offset dir" (bsc#1237131).
- CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324).
- CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435).
- CVE-2025-22077: Revert "smb: client: fix TCP timers deadlock after rmmod" (bsc#1241403).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37821: sched/eevdf: Fix se->slice being set to U64_MAX and resulting (bsc#1242864).
- CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).
- CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659).
- CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).
- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700).
- CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).
- CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).
- CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).
- CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).
- CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).
- CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).
- CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).
- CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).
- CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).
- CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).
- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).
- CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write (bsc#1246185).
- CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248).
- CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245).
- CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351).
- CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366).
- CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376).
- CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444).
- CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).
- CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262).
- CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126).
- CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137).
- CVE-2025-38419: remoteproc: core: Cleanup acquired resources when
rproc_handle_resources() fails in rproc_attach() (bsc#1247136).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).
- CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290).
- CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).
- CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).
- CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).
- CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102).
- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).
- CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).
- CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).
- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).
- CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).
- CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).
- CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190).
- CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202).
- CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).
- CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192).
- CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199).
- CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200).
- CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211).
- CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225).
- CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235).
- CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248299).
- CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374).
- CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365).
- CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343).
- CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368).
- CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357).
- CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392).
- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619).
- CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610).
- CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616).
- CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674).
- CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622).
- CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156).
- CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258).
- CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199).
- CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201).
- CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300).
- CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303).
- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314).
- CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494).
- CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533).
- CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524).
- CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510).
- CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508).
- CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504).
- CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500).
- CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526).
- CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550).
- CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032).
- CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179).
- CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205).
- CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974).
- CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365).
- CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267).
- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).
- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258).
- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297).
- CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251).
- CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294).
- CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398).
- CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722).
- CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483).
- CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387).
The following non-security bugs were fixed:
- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).
- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).
- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).
- ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes).
- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).
- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes).
- ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes).
- ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes).
- ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes).
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: debug: fix signedness issues in read/write helpers (git-fixes).
- ACPI: pfr_update: Fix the driver update version check (git-fixes).
- ACPI: processor: Rescan "dead" SMT siblings during initialization (jsc#PED-13815).
- ACPI: processor: fix acpi_object initialization (stable-fixes).
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes).
- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).
- ACPI: processor: perflib: Move problematic pr->performance check (git-fixes).
- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).
- ACPICA: Fix largest possible resource descriptor index (git-fixes).
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes).
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).
- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes).
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes).
- ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).
- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).
- ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).
- ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes).
- ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes).
- ALSA: hda: Disable jack polling at shutdown (stable-fixes).
- ALSA: hda: Handle the jack polling always via a work (stable-fixes).
- ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes).
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).
- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- ALSA: lx_core: use int type to store negative error codes (git-fixes).
- ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes).
- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
- ALSA: timer: fix ida_free call while not allocated (git-fixes).
- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes).
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes).
- ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes).
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).
- ALSA: usb-audio: Convert comma to semicolon (git-fixes).
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes).
- ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).
- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes).
- ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes).
- ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes).
- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).
- ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes).
- ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes).
- ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes).
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes).
- ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).
- ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).
- ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).
- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).
- ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes).
- ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes).
- ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes).
- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).
- ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes).
- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).
- ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes).
- ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes).
- ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes).
- ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes).
- ASoC: qcom: use drvdata instead of component to keep id (stable-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).
- ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes).
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes).
- ASoC: wm8940: Correct PLL rate rounding (git-fixes).
- ASoC: wm8940: Correct typo in control name (git-fixes).
- ASoC: wm8974: Correct PLL rate rounding (git-fixes).
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes).
- Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes).
- Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes).
- Bluetooth: ISO: free rx_skb if not consumed (git-fixes).
- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes).
- Bluetooth: MGMT: Fix possible UAFs (git-fixes).
- Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).
- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes).
- Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).
- Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes).
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes).
- Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).
- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).
- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).
- Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).
- Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes).
- Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes).
- Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes).
- Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes).
- Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes).
- Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).
- Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes).
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- Disable CET before shutdown by tboot (bsc#1247950).
- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- Documentation/x86: Document new attack vector controls (git-fixes).
- Documentation: ACPI: Fix parent device references (git-fixes).
- Documentation: KVM: Fix unexpected unindent warning (git-fixes).
- Documentation: KVM: Fix unexpected unindent warnings (git-fixes).
- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- Drop ath12k patch that was reverted in the upstream (git-fixes)
- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).
- Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone
using CMA or investigating CMA issues, with a small and simple code base
and no runtime overhead.
- Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325)
- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256).
- Fix bogus i915 patch backport (bsc#1238972) It's been already cherry-picked in 6.12 kernel itself.
- Fix dma_unmap_sg() nents value (git-fixes)
- HID: amd_sfh: Add sync across amd sfh work functions (git-fixes).
- HID: apple: avoid setting up battery timer for devices without battery (git-fixes).
- HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes).
- HID: asus: add support for missing PX series fn keys (stable-fixes).
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).
- HID: core: do not bypass hid_hw_raw_request (stable-fixes).
- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes).
- HID: hidraw: tighten ioctl command parsing (git-fixes).
- HID: input: rename hidinput_set_battery_charge_status() (stable-fixes).
- HID: input: report battery status changes immediately (git-fixes).
- HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes).
- HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes).
- HID: magicmouse: avoid setting up battery timer when not needed (git-fixes).
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).
- HID: quirks: add support for Legion Go dual dinput modes (stable-fixes).
- HID: wacom: Add a new Art Pen 2 (stable-fixes).
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes)
- IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes)
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes).
- Input: iqs7222 - avoid enabling unused interrupts (stable-fixes).
- Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).
- KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).
- KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes).
- KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes).
- KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes).
- KVM: Conditionally reschedule when resetting the dirty ring (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes).
- KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes).
- KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302).
- KVM: TDX: Do not report base TDVMCALLs (git-fixes).
- KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302).
- KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302).
- KVM: TDX: Handle TDG.VP.VMCALL<GetQuote> (jsc#PED-13302).
- KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302).
- KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host's DEBUGCTL (git-fixes).
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302).
- KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes).
- KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes).
- KVM: arm64: Fix error path in init_hyp_mode() (git-fixes).
- KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes).
- KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes).
- KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124).
- KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123).
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).
- KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes).
- KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes).
- KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes).
- KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes).
- KVM: x86: avoid underflow when scaling TSC frequency (git-fixes).
- Limit patch filenames to 100 characters (bsc#1249604).
- Move upstreamed SPI patch into sorted section
- NFS: Fix a race when updating an existing write (git-fixes).
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes).
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes).
- NFSv4.2: another fix for listxattr (git-fixes).
- NFSv4/flexfiles: Fix layout merge mirror check (git-fixes).
- NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes).
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes).
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes).
- NFSv4: Do not clear capabilities that won't be reset (git-fixes).
- Octeontx2-af: Skip overlap check for SPI field (git-fixes).
- PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes).
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes).
- PCI/ERR: Fix uevent on failure to recover (git-fixes).
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes).
- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).
- PCI/pwrctrl: Fix device leak at registration (git-fixes).
- PCI/sysfs: Ensure devices are powered for config reads (git-fixes).
- PCI: Extend isolated function probing to LoongArch (git-fixes).
- PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes).
- PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).
- PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes).
- PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).
- PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes).
- PCI: endpoint: Fix configfs group list head handling (git-fixes).
- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).
- PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes).
- PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes).
- PCI: imx6: Delay link start until configfs 'start' written (git-fixes).
- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings (git-fixes).
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (git-fixes).
- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).
- PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).
- PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).
- PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes).
- PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes).
- PCI: rcar-gen4: Fix PHY initialization (git-fixes).
- PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).
- PCI: rcar-host: Drop PMSR spinlock (git-fixes).
- PCI: rockchip-host: Fix "Unexpected Completion" log message (git-fixes).
- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).
- PCI: rockchip: Use standard PCIe definitions (git-fixes).
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: tegra194: Handle errors in BPMP response (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes).
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes).
- PCI: xilinx-nwl: Fix ECAM programming (git-fixes).
- PM / devfreq: Check governor before using governor->name (git-fixes).
- PM / devfreq: Fix a index typo in trans_stat (git-fixes).
- PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).
- PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes).
- PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes).
- PM: EM: use kfree_rcu() to simplify the code (stable-fixes).
- PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes).
- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).
- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).
- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).
- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).
- PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes).
- PM: sleep: console: Fix the black screen issue (stable-fixes).
- PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes).
- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).
- RAS/AMD/FMPM: Get masked address (bsc#1242034).
- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)
- RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes)
- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)
- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)
- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes)
- RDMA/core: Rate limit GID cache warning messages (git-fixes)
- RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes)
- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)
- RDMA/hns: Drop GFP_NOWARN (git-fixes)
- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)
- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)
- RDMA/hns: Fix accessing uninitialized resources (git-fixes)
- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)
- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)
- RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes)
- RDMA/hns: Get message length of ack_req from FW (git-fixes)
- RDMA/mana_ib: Add device statistics support (bsc#1246651).
- RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135).
- RDMA/mana_ib: Extend modify QP (bsc#1251135).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: add additional port counters (git-fixes).
- RDMA/mana_ib: add support of multiple ports (git-fixes).
- RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes)
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes)
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- RDMA/rxe: Fix race in do_task() when draining (git-fixes)
- RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes)
- RDMA/siw: Always report immediate post SQ errors (git-fixes)
- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)
- README.BRANCH: mfranc@suse.cz leaving SUSE
- RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348).
- Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (git-fixes).
- Reapply "x86/smp: Eliminate mwait_play_dead_cpuid_hint()" (jsc#PED-13815).
- Revert "SUNRPC: Do not allow waiting for exiting tasks" (git-fixes).
- Revert "drm/amdgpu: fix incorrect vm flags to map bo" (stable-fixes).
- Revert "drm/nouveau: check ioctl command codes better" (git-fixes).
- Revert "gpio: mlxbf3: only get IRQ for device instance 0" (git-fixes).
- Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" (git-fixes).
- Revert "mac80211: Dynamically set CoDel parameters per station" (stable-fixes).
- Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" (git-fixes).
- Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (stable-fixes).
- Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" (git-fixes).
- SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes).
- Squashfs: add additional inode sanity checking (git-fixes).
- Squashfs: fix uninit-value in squashfs_get_parent (git-fixes).
- Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes).
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes).
- USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes).
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- USB: serial: option: add Foxconn T99W640 (stable-fixes).
- USB: serial: option: add Foxconn T99W709 (stable-fixes).
- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes).
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- Update config files: revive pwc driver for Leap (bsc#1249060)
- accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes).
- accel/ivpu: Correct DCT interrupt handling (git-fixes).
- accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes).
- accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes).
- accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes).
- amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes).
- aoe: defer rexmit timer downdev work to workqueue (git-fixes).
- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes)
- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes)
- arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes)
- arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes)
- arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes)
- arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes)
- arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes)
- arm64: Handle KCOV __init vs inline mismatches (git-fixes)
- arm64: Mark kernel as tainted on SAE and SError panic (git-fixes)
- arm64: Restrict pagetable teardown to avoid false warning (git-fixes)
- arm64: config: Make tpm_tis_spi module build-in (bsc#1246896)
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)
- arm64: dts: add big-endian property back into watchdog node (git-fixes)
- arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes)
- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes)
- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes)
- arm64: dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes (git-fixes)
- arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes)
- arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes)
- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)
- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)
- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes)
- arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp: Correct thermal sensor index (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes)
- arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes)
- arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes)
- arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes)
- arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes)
- arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes)
- arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes)
- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes).
- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes)
- arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes)
- arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes)
- arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes)
- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes)
- arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes)
- arm64: dts: st: fix timer used for ticks (git-fixes)
- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes)
- arm64: map [_text, _stext) virtual address range (git-fixes)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- arm64: poe: Handle spurious Overlay faults (git-fixes)
- arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes)
- arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes)
- arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes)
- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes)
- arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes)
- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes)
- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes)
- ata: ahci: Disable DIPM if host lacks support (stable-fixes).
- ata: ahci: Disallow LPM policy control if not supported (stable-fixes).
- ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes).
- ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes).
- ata: libata-scsi: Fix CDL control (git-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes).
- batman-adv: fix OOB read/write in network-coding decode (git-fixes).
- benet: fix BUG when creating VFs (git-fixes).
- block: Introduce bio_needs_zone_write_plugging() (git-fixes).
- block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552).
- block: ensure discard_granularity is zero when discard is not supported (git-fixes).
- block: fix kobject leak in blk_unregister_queue (git-fixes).
- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).
- block: sanitize chunk_sectors for atomic write limits (git-fixes).
- bnxt_en: Add a helper function to configure MRU and RSS (git-fixes).
- bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes).
- bnxt_en: Fix DCB ETS validation (git-fixes).
- bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes).
- bnxt_en: Fix stats context reservation logic (git-fixes).
- bnxt_en: Flush FW trace before copying to the coredump (git-fixes).
- bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes).
- bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes).
- bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes)
- bpf, arm64: Fix fp initialization for exception boundary (git-fixes)
- bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes).
- bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes).
- bpf: Adjust free target to avoid global starvation of LRU map (git-fixes).
- bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes).
- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).
- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).
- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).
- bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes).
- bpf: Forget ranges when refining tnum after JSET (git-fixes).
- bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes).
- bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes).
- bpf: Reject %p% format string in bprintf-like helpers (git-fixes).
- bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes).
- bpf: Reject narrower access to pointer ctx fields (git-fixes).
- bpf: Return prog btf_id without capable check (git-fixes).
- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).
- bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes).
- bpf: fix possible endless loop in BPF map iteration (git-fixes).
- btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes).
- btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes).
- btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes).
- btrfs: add debug build only WARN (bsc#1249038).
- btrfs: add function comment for check_committed_ref() (git-fixes).
- btrfs: always abort transaction on failure to add block group to free space tree (git-fixes).
- btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes).
- btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes).
- btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes).
- btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes).
- btrfs: codify pattern for adding block_group to bg_list (git-fixes).
- btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038).
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).
- btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).
- btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes).
- btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: enhance ASSERT() to take optional format string (bsc#1249038).
- btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes).
- btrfs: exit after state split error at set_extent_bit() (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949).
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes).
- btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes).
- btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes).
- btrfs: fix incorrect log message for nobarrier mount option (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid extref key setup when replaying dentry (git-fixes).
- btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes).
- btrfs: fix race between logging inode and checking if it was logged before (git-fixes).
- btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes).
- btrfs: fix squota compressed stats leak (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes).
- btrfs: fix the inode leak in btrfs_iget() (git-fixes).
- btrfs: fix two misuses of folio_shift() (git-fixes).
- btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes).
- btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038).
- btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes).
- btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes).
- btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes).
- btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes).
- btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes).
- btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes).
- btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes).
- btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes).
- btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes).
- btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949).
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes).
- btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes).
- btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes).
- btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes).
- btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes).
- btrfs: qgroup: remove no longer used fs_info->qgroup_ulist (git-fixes).
- btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes).
- btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes).
- btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes).
- btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes).
- btrfs: remove redundant path release when replaying a log tree (git-fixes).
- btrfs: remove the snapshot check from check_committed_ref() (git-fixes).
- btrfs: restore mount option info messages during mount (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: return any hit error from extent_writepage_io() (git-fixes).
- btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes).
- btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes).
- btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949).
- btrfs: simplify error detection flow during log replay (git-fixes).
- btrfs: simplify return logic at check_committed_ref() (git-fixes).
- btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes).
- btrfs: unfold transaction aborts when replaying log trees (git-fixes).
- btrfs: unify ordering of btrfs_key initializations (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- btrfs: use filemap_get_folio() helper (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes).
- btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes).
- btrfs: use verbose ASSERT() in volumes.c (bsc#1249038).
- build_bug.h: Add KABI assert (bsc#1249186).
- bus: firewall: Fix missing static inline annotations for stubs (git-fixes).
- bus: fsl-mc: Check return value of platform_get_resource() (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: ep: Fix chained transfer handling in read path (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes).
- bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes).
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes).
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes).
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- can: peak_usb: fix shift-out-of-bounds issue (git-fixes).
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes).
- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).
- cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166).
- cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166).
- cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405).
- cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405).
- cgroup: llist: avoid memory tears for llist_node (bsc#1247963).
- cgroup: make css_rstat_updated nmi safe (bsc#1247963).
- cgroup: remove per-cpu per-subsystem locks (bsc#1247963).
- cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963).
- char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: at91: sam9x7: update pll clk ranges (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: imx95-blk-ctl: Fix synchronous abort (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).
- clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes).
- clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes).
- clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes).
- clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes).
- clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes).
- clk: samsung: exynos850: fix a comment (git-fixes).
- clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes).
- clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).
- clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).
- comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes).
- comedi: fix race between polling and detaching (git-fixes).
- comedi: pcl726: Prevent invalid irq number (git-fixes).
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes).
- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes).
- config.sh: SLFO 1.2 branched in IBS
- config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206)
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- cpu: Define attack vectors (git-fixes).
- cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes).
- cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes).
- cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes)
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes)
- cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes).
- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes).
- cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes).
- cpufreq: Exit governor when failed to start old governor (stable-fixes).
- cpufreq: Init policy->rwsem before it may be possibly used (git-fixes).
- cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes).
- cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes).
- cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes).
- cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes).
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes).
- cpufreq: armada-8k: make both cpu masks static (git-fixes).
- cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes).
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes).
- cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes).
- cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes).
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes).
- cpufreq: mediatek: fix device leak on probe failure (git-fixes).
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).
- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).
- cpufreq: scpi: compare kHz instead of Hz (git-fixes).
- cpufreq: sun50i: prevent out-of-bounds access (git-fixes).
- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).
- cpufreq: tegra186: Share policy per cluster (stable-fixes).
- cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes).
- crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes).
- crypto: atmel - Fix dma_unmap_sg() direction (git-fixes).
- crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes).
- crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).
- crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes).
- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).
- crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes).
- crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes).
- crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: jitter - fix intermediary handling (stable-fixes).
- crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes).
- crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes).
- crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes).
- crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes).
- crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: rng - Ensure set_ent is always present (git-fixes).
- crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- devlink: Add support for u64 parameters (jsc#PED-13331).
- devlink: avoid param type value translations (jsc#PED-13331).
- devlink: define enum for attr types of dynamic attributes (jsc#PED-13331).
- devlink: introduce devlink_nl_put_u64() (jsc#PED-13331).
- devlink: let driver opt out of automatic phys_port_name generation (git-fixes).
- dm-mpath: do not print the "loaded" message if registering fails (git-fixes).
- dm-stripe: limit chunk_sectors to the stripe size (git-fixes).
- dm-table: fix checking for rq stackable devices (git-fixes).
- dm: Check for forbidden splitting of zone write operations (git-fixes).
- dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes).
- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes).
- dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes).
- dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes).
- dmaengine: idxd: Fix refcount underflow on module unload (git-fixes).
- dmaengine: idxd: Remove improper idxd_free (git-fixes).
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes).
- dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes).
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes).
- docs: admin-guide: update to current minimum pipe size default (git-fixes).
- dpll: Add basic Microchip ZL3073x support (jsc#PED-13331).
- dpll: Make ZL3073X invisible (jsc#PED-13331).
- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331).
- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331).
- dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331).
- dpll: zl3073x: Fix build failure (jsc#PED-13331).
- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331).
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331).
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331).
- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331).
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331).
- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).
- drivers/base/node: fix double free in register_one_node() (git-fixes).
- drivers/base/node: handle error properly in register_one_node() (git-fixes).
- drivers: base: handle module_kobject creation (git-fixes).
- drm/amd : Update MES API header file for v11 & v12 (stable-fixes).
- drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes).
- drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes).
- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).
- drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes).
- drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).
- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).
- drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).
- drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).
- drm/amd/display: Allow DCN301 to clear update flags (git-fixes).
- drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes).
- drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).
- drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).
- drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).
- drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes).
- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes).
- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).
- drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121).
- drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes).
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes).
- drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/display: Do not print errors for nonexistent connectors (git-fixes).
- drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes).
- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).
- drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes).
- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).
- drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes).
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).
- drm/amd/display: Fix mismatch type comparison (stable-fixes).
- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).
- drm/amd/display: Free memory allocation (stable-fixes).
- drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes).
- drm/amd/display: Initialize mode_select to 0 (stable-fixes).
- drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/display: Remove redundant semicolons (git-fixes).
- drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).
- drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes).
- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).
- drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes).
- drm/amd/display: fix dmub access race condition (bsc#1243112).
- drm/amd/display: fix initial backlight brightness calculation (git-fixes).
- drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes).
- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).
- drm/amd/display: remove output_tf_change flag (git-fixes).
- drm/amd/display: use udelay rather than fsleep (git-fixes).
- drm/amd/include : MES v11 and v12 API header update (stable-fixes).
- drm/amd/include : Update MES v12 API for fence update (stable-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes).
- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes).
- drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes).
- drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes).
- drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes).
- drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes).
- drm/amd/pm: fix null pointer access (stable-fixes).
- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (bsc#1243112).
- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).
- drm/amd: Fix hybrid sleep (bsc#1243112).
- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).
- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).
- drm/amd: Restore cached power limit during resume (stable-fixes).
- drm/amdgpu/discovery: fix fw based ip discovery (git-fixes).
- drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes).
- drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes).
- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).
- drm/amdgpu/mes: add missing locking in helper functions (stable-fixes).
- drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes).
- drm/amdgpu/mes: optimize compute loop handling (stable-fixes).
- drm/amdgpu/swm14: Update power limit logic (stable-fixes).
- drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes).
- drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes).
- drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes).
- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).
- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).
- drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes).
- drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes).
- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).
- drm/amdgpu: Increase reset counter only on success (stable-fixes).
- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).
- drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes).
- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).
- drm/amdgpu: Report individual reset error (bsc#1243112).
- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).
- drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes).
- drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes).
- drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes).
- drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes).
- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).
- drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes).
- drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes).
- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).
- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).
- drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).
- drm/amdgpu: fix vram reservation issue (git-fixes).
- drm/amdgpu: remove the redeclaration of variable i (git-fixes).
- drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).
- drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes).
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes).
- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).
- drm/ast: Use msleep instead of mdelay for edid read (git-fixes).
- drm/bridge: fix OF node leak (git-fixes).
- drm/bridge: it6505: select REGMAP_I2C (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes).
- drm/cirrus-qemu: Fix pitch programming (git-fixes).
- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).
- drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121).
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).
- drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121).
- drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121).
- drm/edid: Define the quirks in an enum list (bsc#1248121).
- drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes).
- drm/gem: Internally test import_attach for imported objects (git-fixes).
- drm/gem: Test for imported GEM buffers with helper (stable-fixes).
- drm/gma500: Fix null dereference in hdmi teardown (git-fixes).
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).
- drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes).
- drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes).
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes).
- drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes).
- drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes).
- drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes).
- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).
- drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes).
- drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes).
- drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes).
- drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes).
- drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes).
- drm/i915/icl+/tc: Cache the max lane count value (stable-fixes).
- drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes).
- drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes).
- drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes).
- drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes).
- drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).
- drm/mediatek: fix potential OF node use-after-free (git-fixes).
- drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm/dpu: fix incorrect type for ret (git-fixes).
- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).
- drm/msm: Add error handling for krealloc in metadata setup (stable-fixes).
- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).
- drm/msm: update the high bitfield of certain DSI registers (git-fixes).
- drm/msm: use trylock for debugfs (stable-fixes).
- drm/nouveau/disp: Always accept linear modifier (git-fixes).
- drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes).
- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).
- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).
- drm/nouveau: fix typos in comments (git-fixes).
- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).
- drm/nouveau: remove unused memory target test (git-fixes).
- drm/panel: novatek-nt35560: Fix invalid return value (git-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).
- drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes).
- drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes).
- drm/panthor: validate group queue count (git-fixes).
- drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes).
- drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/simpledrm: Do not upcast in release helpers (git-fixes).
- drm/tests: Fix endian warning (git-fixes).
- drm/ttm: Respect the shrinker core free target (stable-fixes).
- drm/ttm: Should to return the evict error (stable-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- drm/xe/bmg: Add new PCI IDs (stable-fixes).
- drm/xe/bmg: Add one additional PCI ID (stable-fixes).
- drm/xe/bmg: Update Wa_22019338487 (git-fixes).
- drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes).
- drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes).
- drm/xe/mocs: Initialize MOCS index early (stable-fixes).
- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).
- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).
- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).
- drm/xe/tile: Release kobject for the failure path (git-fixes).
- drm/xe/uapi: Correct sync type definition in comments (git-fixes).
- drm/xe/uapi: loosen used tracking restriction (git-fixes).
- drm/xe/vf: Disable CSC support on VF (git-fixes).
- drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes).
- drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes).
- drm/xe/xe_sync: avoid race during ufence signaling (git-fixes).
- drm/xe: Allow dropping kunit dependency as built-in (git-fixes).
- drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes).
- drm/xe: Carve out wopcm portion from the stolen memory (git-fixes).
- drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes).
- drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes).
- drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes).
- drm/xe: Fix build without debugfs (git-fixes).
- drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes).
- drm/xe: Move page fault init after topology init (git-fixes).
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes).
- drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes).
- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331).
- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331).
- e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes).
- e1000e: ignore uninitialized checksum word on tgp (git-fixes).
- efi: stmm: Fix incorrect buffer allocation method (git-fixes).
- erofs: avoid reading more for fragment maps (git-fixes).
- erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes).
- execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes).
- exfat: add cluster chain loop check for dir (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- ext4: remove writable userspace mappings before truncating page cache (bsc#1247223).
- fbcon: Fix OOB access in font allocation (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbcon: fix integer overflow in fbcon_do_set_font (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).
- fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes).
- fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes).
- firewire: core: fix overlooked update of subsystem ABI version (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes).
- firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes).
- firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes).
- firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes).
- firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes).
- firmware: firmware: meson-sm: fix compile-test default (git-fixes).
- firmware: meson_sm: fix device leak at probe (git-fixes).
- firmware: tegra: Fix IVC dependency problems (stable-fixes).
- flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes).
- fs/nfs/io: make nfs_start_io_*() killable (git-fixes).
- fs/proc/task_mmu: check p->vec_buf for NULL (git-fixes).
- fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450
- ftrace: Fix function profiler's filtering functionality (git-fixes).
- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).
- gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220).
- gfs2: Clean up delete work processing (bsc#1247220).
- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220).
- gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220).
- gfs2: Minor delete_work_func cleanup (bsc#1247220).
- gfs2: Only defer deletes when we have an iopen glock (bsc#1247220).
- gfs2: Prevent inode creation race (2) (bsc#1247220).
- gfs2: Prevent inode creation race (bsc#1247220).
- gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220).
- gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (bsc#1247220).
- gfs2: Rename dinode_demise to evict_behavior (bsc#1247220).
- gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220).
- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220).
- gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220).
- gfs2: Update to the evict / remote delete documentation (bsc#1247220).
- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220).
- gfs2: gfs2_evict_inode clarification (bsc#1247220).
- gfs2: minor evict fix (bsc#1247220).
- gfs2: skip if we cannot defer delete (bsc#1247220).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).
- gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- gpiolib: Extend software-node support to support secondary software-nodes (git-fixes).
- gve: Fix stuck TX queue for DQ queue format (git-fixes).
- gve: prevent ethtool ops after shutdown (git-fixes).
- habanalabs: fix UAF in export_dmabuf() (git-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).
- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).
- hv_netvsc: Link queues to NAPIs (git-fixes).
- hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes).
- hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes).
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- hwrng: nomadik - add ARM_AMBA dependency (git-fixes).
- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).
- i2c: designware: Add disabling clocks when probe fails (git-fixes).
- i2c: designware: Add quirk for Intel Xe (stable-fixes).
- i2c: designware: Fix clock issue when PM is disabled (git-fixes).
- i2c: designware: Use temporary variable for struct device (stable-fixes).
- i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes).
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes).
- i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes).
- i2c: omap: Add support for setting mux (stable-fixes).
- i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes).
- i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes).
- i2c: omap: fix deprecated of_property_read_bool() use (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: tegra: Use internal reset when reset property is not available (bsc#1249143)
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: Fix default I2C adapter timeout value (git-fixes).
- i3c: add missing include to internal header (stable-fixes).
- i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).
- i3c: master: svc: Recycle unused IBI slot (git-fixes).
- i3c: master: svc: Use manual response for IBI events (git-fixes).
- i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes).
- i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes).
- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes).
- ice, irdma: fix an off by one in error handling code (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice/ptp: fix crosstimestamp reporting (git-fixes).
- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
- ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762).
- ice: check correct pointer in fwlog debugfs (git-fixes).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: do not leave device non-functional if Tx scheduler config fails (git-fixes).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728).
- ice: fix incorrect counter for buffer allocation failures (git-fixes).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: init flow director before RDMA (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- ice: use fixed adapter index for E825C embedded devices (git-fixes).
- idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762).
- idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762).
- idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762).
- idpf: add cross timestamping (jsc#PED-13728).
- idpf: add flow steering support (jsc#PED-13728).
- idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762).
- idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762).
- idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762).
- idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728).
- idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762).
- idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762).
- idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728).
- idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762).
- idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).
- idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).
- idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762).
- idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762).
- idpf: improve when to set RE bit logic (jsc#PED-13728).
- idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762).
- idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762).
- idpf: preserve coalescing settings across resets (jsc#PED-13728).
- idpf: remove obsolete stashing code (jsc#PED-13728).
- idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762).
- idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728).
- idpf: set mac type when adding and removing MAC filters (jsc#PED-13728).
- idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728).
- idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728).
- idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762).
- igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes).
- igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes).
- igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes).
- iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762).
- iio/adc/pac1934: fix channel disable configuration (git-fixes).
- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes).
- iio: accel: fxls8962af: Fix temperature calculation (git-fixes).
- iio: adc: ad7173: fix setting ODR in probe (git-fixes).
- iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes).
- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).
- iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes).
- iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes).
- iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes).
- iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes).
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes).
- iio: dac: ad5360: use int type to store negative error codes (git-fixes).
- iio: dac: ad5421: use int type to store negative error codes (git-fixes).
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes).
- iio: frequency: adf4350: Fix prescaler usage (git-fixes).
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes).
- iio: hid-sensor-prox: Restore lost scale assignments (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes).
- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes).
- iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes).
- iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes).
- iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).
- iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).
- iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes).
- iio: light: as73211: Ensure buffer holes are zeroed (git-fixes).
- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).
- iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes).
- iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).
- iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes).
- iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes).
- iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes).
- integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).
- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).
- intel_idle: Rescan "dead" SMT siblings during initialization (jsc#PED-13815).
- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).
- interconnect: qcom: sc8180x: specify num_nodes (git-fixes).
- interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes).
- io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting.
- io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542).
- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).
- iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes).
- iommu/amd: Fix alias device DTE setting (git-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement (git-fixes).
- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).
- iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes).
- iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- iommu: Handle race with default domain setup (git-fixes).
- iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).
- ipmi: Fix strcpy source and destination the same (stable-fixes).
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).
- ipv6: annotate data-races around rt->fib6_nsiblings (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- isolcpus: add missing hunk back (bsc#1236897 bsc#1249206).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410).
- ixgbe: prevent from unwanted interface name changes (git-fixes).
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes).
- kABI fix after Add TDX support for vSphere (jsc#PED-13302).
- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- kABI fix after KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes).
- kABI workaround for "drm/dp: Add an EDID quirk for the DPCD register access probe" (bsc#1248121).
- kABI workaround for amd_sfh (git-fixes).
- kABI workaround for drm_gem.h (git-fixes).
- kABI workaround for struct mtk_base_afe changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes).
- kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes).
- kABI: netfilter: supress warnings for nft_set_ops (git-fixes).
- kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes).
- kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally
- kabi/severities: ignore two unused/dropped symbols from MEI
- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).
- kabi: Restore layout of parallel_data (bsc1248343).
- kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963).
- kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes).
- kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655).
- kbuild: rust: add rustc-min-version support function (git-fixes)
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel: globalize lookup_or_create_module_kobject() (stable-fixes).
- kernel: param: rename locate_module_kobject (stable-fixes).
- leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes).
- leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes).
- leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).
- leds: leds-lp55xx: Use correct address for memory programming (git-fixes).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes).
- libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762).
- livepatch: Add stack_order sysfs attribute (poo#187320).
- loop: use kiocb helpers to fix lockdep warning (git-fixes).
- lpfc: do not use file->f_path.dentry for comparisons (bsc#1250519).
- mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes).
- mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).
- mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes).
- mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes).
- mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes).
- mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes).
- mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes).
- mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes).
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).
- maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes).
- maple_tree: fix status setup on restore to active (git-fixes).
- maple_tree: fix testing for 32 bit builds (git-fixes).
- mctp: no longer rely on net->dev_index_head (git-fixes).
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- md: allow removing faulty rdev during resync (git-fixes).
- md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes).
- md: make rdev_addable usable for rcu mode (git-fixes).
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes).
- media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes).
- media: cx18: Add missing check after DMA map (git-fixes).
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).
- media: dvb-frontends: w7090p: fix null-ptr-deref in
w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: Fix reset GPIO timings (stable-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: i2c: mt9v111: fix incorrect type for ret (git-fixes).
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ipu-bridge: Add _HID for OV5670 (stable-fixes).
- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).
- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).
- media: lirc: Fix error handling in lirc_register() (git-fixes).
- media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes).
- media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: pci: ivtv: Add missing check after DMA map (git-fixes).
- media: pci: mg4b: fix uninitialized iio scan data (git-fixes).
- media: pisp_be: Fix pm_runtime underrun in probe (git-fixes).
- media: qcom: camss: cleanup media device allocated resource on error path (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: rc: fix races with imon_disconnect() (git-fixes).
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes).
- media: s5p-mfc: remove an unused/uninitialized variable (git-fixes).
- media: st-delta: avoid excessive stack usage (git-fixes).
- media: tc358743: Check I2C succeeded during probe (stable-fixes).
- media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).
- media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes).
- media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes).
- media: ti: j721e-csi2rx: fix list_del corruption (git-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).
- media: usb: hdpvr: disable zero-length read messages (stable-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes).
- media: uvcvideo: Rollback non processed entities on error (git-fixes).
- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes).
- media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: Fix MSM8998 frequency table (git-fixes).
- media: venus: Fix OOB read due to missing payload bound check (git-fixes).
- media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- media: zoran: Remove zoran_fh structure (git-fixes).
- mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).
- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).
- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).
- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).
- mei: vsc: Event notifier fixes (git-fixes).
- mei: vsc: Fix "BUG: Invalid wait context" lockdep error (git-fixes).
- mei: vsc: Run event callback from a workqueue (git-fixes).
- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8186 (git-fixes).
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes).
- memstick: Fix deadlock by moving removing flag earlier (git-fixes).
- mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes).
- mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes).
- mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes).
- mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes).
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes).
- microchip: lan865x: Fix LAN8651 autoloading (git-fixes).
- microchip: lan865x: Fix module autoloading (git-fixes).
- microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes).
- microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).
- misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes).
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (git-fixes).
- misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes).
- mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes).
- mm/damon/core: set quota->charged_from to jiffies at first charge window (git-fixes).
- mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes).
- mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes).
- mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes).
- mm/damon/sysfs: fix use-after-free in state_show() (git-fixes).
- mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087).
- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)
- mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes).
- mm: close theoretical race where stale TLB entries could linger (git-fixes).
- mm: fault in complete folios instead of individual pages for tmpfs (git-fixes).
- mm: fix the inaccurate memory statistics issue for users (bsc#1244723).
- mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes).
- mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes).
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630).
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630).
- mm: move page table sync declarations to linux/pgtable.h (git-fixes).
- mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes).
- mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes).
- mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).
- mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes).
- mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes).
- mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes).
- mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes).
- mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).
- mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- most: core: Drop device reference after usage in get_channel() (git-fixes).
- mptcp: fix spurious wake-up on under memory pressure (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: omap2: fix device leak on probe failure (git-fixes).
- mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes).
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER (git-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes).
- net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes).
- net/mlx5: CT: Use the correct counter offset (git-fixes).
- net/mlx5: Check device memory pointer before usage (git-fixes).
- net/mlx5: Correctly set gso_segs when LRO is used (git-fixes).
- net/mlx5: Correctly set gso_size when LRO is used (git-fixes).
- net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes).
- net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes).
- net/mlx5: Fix memory leak in cmd_exec() (git-fixes).
- net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes).
- net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes).
- net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes).
- net/mlx5: Nack sync reset when SFs are present (git-fixes).
- net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes).
- net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes).
- net/mlx5e: Add new prio for promiscuous mode (git-fixes).
- net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes).
- net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes).
- net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes).
- net/mlx5e: Set local Xoff after FW update (git-fixes).
- net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes).
- net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes).
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes).
- net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes).
- net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes).
- net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes).
- net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes).
- net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes).
- net: ieee8021q: fix insufficient table-size assertion (stable-fixes).
- net: llc: reset skb->transport_header (git-fixes).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726).
- net: mana: Add support for net_shaper_ops (bsc#1245726).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes).
- net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728).
- net: mana: Handle unsupported HWC commands (bsc#1245726).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mctp: handle skb cleanup on sock_queue failures (git-fixes).
- net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes).
- net: nfc: nci: Add parameter validation for packet data (git-fixes).
- net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes).
- net: phy: bcm54811: PHY initialization (stable-fixes).
- net: phy: fix phy_uses_state_machine() (git-fixes).
- net: phy: micrel: Add ksz9131_resume() (stable-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes).
- net: rose: convert 'use' field to refcount_t (git-fixes).
- net: rose: fix a typo in rose_clear_routes() (git-fixes).
- net: rose: include node references in rose_neigh refcount (git-fixes).
- net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes).
- net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).
- net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).
- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).
- net: usb: cdc-ncm: check for filtering capability (git-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes).
- net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes).
- net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netfilter: ctnetlink: fix refcount leak on table dump (git-fixes).
- netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes).
- netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes).
- netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes).
- netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes).
- netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes).
- netfilter: nf_tables: adjust lockdep assertions handling (git-fixes).
- netfilter: nf_tables: fix set size with rbtree backend (git-fixes).
- netfilter: nf_tables: imbalance in flowtable binding (git-fixes).
- netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes).
- netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes).
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes).
- netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes).
- netfilter: nft_tunnel: fix geneve_opt dump (git-fixes).
- netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes).
- netlink: fix policy dump for int with validation callback (jsc#PED-13331).
- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs/localio: add direct IO enablement with sync and async IO support (git-fixes).
- nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes).
- nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes).
- nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nouveau: fix disabling the nonstall irq due to storm code (git-fixes).
- nvme-auth: update bi_directional flag (git-fixes).
- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).
- nvme-pci: try function level reset on init failure (git-fixes).
- nvme-tcp: log TLS handshake failures at error level (git-fixes).
- nvme-tcp: send only permitted commands for secure concat (git-fixes).
- nvme: fix PI insert on write (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- nvmet: exit debugfs after discovery subsystem exits (git-fixes).
- nvmet: initialize discovery subsys after debugfs is initialized (git-fixes).
- nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes).
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes).
- objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes).
- objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes).
- of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes).
- of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes).
- of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes).
- of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes).
- of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes).
- of: unittest: Unlock on error in unittest_data_add() (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pNFS: Fix disk addr range check in block/scsi layout (git-fixes).
- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).
- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).
- pNFS: Handle RPC size limit for layoutcommits (git-fixes).
- percpu: fix race on alloc failed warning limit (git-fixes).
- perf bpf-event: Fix use-after-free in synthesis (git-fixes).
- perf bpf-utils: Constify bpil_array_desc (git-fixes).
- perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes).
- perf dso: Add missed dso__put to dso__load_kcore (git-fixes).
- perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes).
- perf parse-events: Set default GH modifier properly (git-fixes).
- perf record: Cache build-ID of hit DSOs only (git-fixes).
- perf sched: Fix memory leaks for evsel->priv in timehist (git-fixes).
- perf sched: Fix memory leaks in 'perf sched latency' (git-fixes).
- perf sched: Fix memory leaks in 'perf sched map' (git-fixes).
- perf sched: Fix thread leaks in 'perf sched timehist' (git-fixes).
- perf sched: Free thread->priv using priv_destructor (git-fixes).
- perf sched: Make sure it frees the usage string (git-fixes).
- perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes).
- perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes).
- perf test: Fix a build error in x86 topdown test (git-fixes).
- perf tests bp_account: Fix leaked file descriptor (git-fixes).
- perf tools: Remove libtraceevent in .gitignore (git-fixes).
- perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes).
- perf trace: Remove --map-dump documentation (git-fixes).
- phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes).
- phy: mscc: Fix parsing of unicast frames (git-fixes).
- phy: mscc: Fix timestamping for vsc8584 (git-fixes).
- phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes).
- phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes).
- phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes).
- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).
- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes).
- phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors (git-fixes).
- phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes).
- phy: tegra: xusb: fix device and OF node leak at probe (git-fixes).
- phy: ti-pipe3: fix device leak at unbind (git-fixes).
- phy: ti: omap-usb2: fix device leak at unbind (git-fixes).
- pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113).
- pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562).
- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).
- pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes).
- pinctrl: equilibrium: Remove redundant semicolons (git-fixes).
- pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes).
- pinctrl: renesas: Use int type to store negative error codes (git-fixes).
- pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes).
- pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes).
- pinctrl: stm32: Manage irq affinity settings (stable-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes).
- platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).
- platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes).
- platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes).
- platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes).
- platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).
- platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes).
- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes).
- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).
- platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes).
- platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes).
- platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes).
- platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes).
- platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes).
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes).
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: cw2015: Fix a alignment coding style issue (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- power: supply: max77976_charger: fix constant current reporting (git-fixes).
- power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).
- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).
- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes).
- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes).
- powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).
- powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).
- powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes).
- powerpc: do not build ppc_save_regs.o always (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- pptp: fix pptp_xmit() error path (git-fixes).
- printk: nbcon: Allow reacquire during panic (bsc#1246688).
- psample: adjust size if rate_as_probability is set (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes).
- pwm: berlin: Fix wrong register in suspend/resume (git-fixes).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Fix duty and period setting (git-fixes).
- pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).
- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).
- pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes).
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes).
- pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes).
- pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes).
- r8169: add support for RTL8125D (stable-fixes).
- r8169: disable RTL8126 ZRX-DC timeout (stable-fixes).
- r8169: do not scan PHY addresses > 0 (stable-fixes).
- rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes)
- regmap: Remove superfluous check for !config in __regmap_init() (git-fixes).
- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).
- regulator: scmi: Use int type to store negative error codes (git-fixes).
- regulator: sy7636a: fix lifecycle of power good gpio (git-fixes).
- reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).
- reset: eyeq: fix OF node leak (git-fixes).
- resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762).
- resource: fix false warning in __request_region() (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- ring-buffer: Make reading page consistent with the code logic (git-fixes).
- rpm/config.sh: SLFO 1.2 is now synced to OBS as well
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868).
- s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477).
- s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061).
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes).
- s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes).
- s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372).
- s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838).
- s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066).
- s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366).
- s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478).
- s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes).
- s390/sclp: Fix SCCB present check (git-fixes bsc#1249065).
- s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062).
- s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064).
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).
- samples: mei: Fix building on musl libc (git-fixes).
- sched/deadline: Always stop dl-server before changing parameters (bsc#1247936).
- sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936).
- sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936).
- sched/deadline: Fix dl_server_stopped() (bsc#1247936).
- sched/deadline: Initialize dl_servers after SMP (git-fixes)
- sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes)
- scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" (git-fixes).
- scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).
- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).
- scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519).
- scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519).
- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).
- scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186).
- scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186).
- scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186).
- scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186).
- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).
- scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186).
- scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).
- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).
- scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186).
- scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186).
- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).
- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes).
- scsi: qla2xxx: Remove firmware URL (git-fixes).
- scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes).
- scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes).
- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).
- scsi: smartpqi: Enhance WWID logging logic (bsc#1246631).
- scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631).
- scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631).
- scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes).
- scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes).
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes).
- scsi: ufs: core: Add missing post notify for power mode change (git-fixes).
- scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes).
- scsi: ufs: core: Always initialize the UIC done completion (git-fixes).
- scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes).
- scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes).
- scsi: ufs: core: Fix error return with query response (git-fixes).
- scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes).
- scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes).
- scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes).
- scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes).
- scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes).
- scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes).
- scsi: ufs: core: Remove redundant query_complete trace (git-fixes).
- scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes).
- scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes).
- scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes).
- scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes).
- scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes).
- scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes).
- scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes).
- scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes).
- scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes).
- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes).
- scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes).
- scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes).
- scsi: ufs: exynos: Remove empty drv_init method (git-fixes).
- scsi: ufs: exynos: Remove superfluous function parameter (git-fixes).
- scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes).
- scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes).
- scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes).
- scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes).
- scsi: ufs: qcom: Fix crypto key eviction (git-fixes).
- scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes).
- scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes).
- scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes).
- seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671).
- selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320).
- selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344).
- selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320).
- selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320).
- selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320).
- selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320).
- selftests/tracing: Fix false failure of subsystem event test (git-fixes).
- selftests: ALSA: fix memory leak in utimer test (git-fixes).
- selftests: livepatch: add new ftrace helpers functions (poo#187320).
- selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320).
- selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320).
- selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320).
- selftests: livepatch: save and restore kprobe state (poo#187320).
- selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320).
- selftests: livepatch: test livepatching a kprobed function (poo#187320).
- selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443).
- selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes).
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes).
- serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688).
- serial: 8250: fix panic due to PSLVERR (git-fixes).
- serial: max310x: Add error checking in probe() (git-fixes).
- serial: sc16is7xx: fix bug in flow control levels init (git-fixes).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).
- smb: client: fix netns refcount leak after net_passive changes (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).
- soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes).
- soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes).
- soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes).
- soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes).
- soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes).
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes).
- soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes).
- soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes).
- soundwire: amd: fix for handling slave alerts after link is down (git-fixes).
- soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: bcm2835: Remove redundant semicolons (git-fixes).
- spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes).
- spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes).
- spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979).
- spi: fix return code when spi device has too many chipselects (git-fixes).
- spi: mtk-snfi: Remove redundant semicolons (git-fixes).
- spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes).
- spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes).
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes).
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes).
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes).
- spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes).
- sprintf.h requires stdarg.h (git-fixes).
- sprintf.h: mask additional include (git-fixes).
- squashfs: fix memory leak in squashfs_fill_super (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).
- staging: axis-fifo: fix maximum TX packet length check (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).
- struct cdc_ncm_ctx: move new member to end (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- sunrpc: fix handling of server side tls alerts (git-fixes).
- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).
- supported.conf: Mark ZL3073X modules supported
- supported.conf: mark hyperv_drm as external
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes).
- thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes).
- thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes).
- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).
- thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes).
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).
- thunderbolt: Compare HMAC values in constant time (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes).
- tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes).
- tools/power turbostat: Fix build with musl (stable-fixes).
- tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes).
- tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes).
- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).
- trace/fgraph: Fix error handling (git-fixes).
- trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes).
- tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).
- tracing: Fix filter string testing (git-fixes).
- tracing: Fix using ret variable in tracing_set_tracer() (git-fixes).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- tracing: Switch trace.c code over to use guard() (git-fixes).
- tracing: Switch trace_events_hist.c code over to use guard() (git-fixes).
- tracing: fprobe events: Fix possible UAF on modules (git-fixes).
- tracing: tprobe-events: Fix leakage of module refcount (git-fixes).
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062).
- tty: n_gsm: Do not block input queue by waiting MSC (git-fixes).
- tty: serial: fix print format specifiers (stable-fixes).
- ublk: sanity check add_dev input for underflow (git-fixes).
- ublk: use vmalloc for ublk_device's __queues (git-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes).
- usb: core: Add 0x prefix to quirks debug output (stable-fixes).
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).
- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).
- usb: core: usb_submit_urb: downgrade type check (stable-fixes).
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).
- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).
- usb: dwc3: imx8mp: fix device leak at unbind (git-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).
- usb: dwc3: qcom: Do not leave BCR asserted (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).
- usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes).
- usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).
- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes).
- usb: typec: fusb302: cache PD RX state (git-fixes).
- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes).
- usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes).
- usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).
- usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).
- usb: xhci: Avoid showing errors during surprise removal (stable-fixes).
- usb: xhci: Avoid showing warnings for dying controller (stable-fixes).
- usb: xhci: Fix slot_id resource race conflict (git-fixes).
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).
- usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes).
- use uniform permission checks for all mount propagation changes (git-fixes).
- vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes).
- vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes).
- vhost-scsi: Fix log flooding with target does not exist errors (git-fixes).
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes).
- vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes).
- vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes).
- vhost: Reintroduce kthread API and add mode selection (git-fixes).
- vhost: fail early when __vhost_add_used() fails (git-fixes).
- virtchnl2: add flow steering support (jsc#PED-13728).
- virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728).
- virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762).
- virtio_net: Enforce minimum TX ring size for reliability (git-fixes).
- virtio_ring: Fix error reporting in virtqueue_resize (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes).
- vsock/virtio: Validate length in packet header before skb_put() (git-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: dw_wdt: Fix default timeout (stable-fixes).
- watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes).
- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes).
- wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes).
- wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix group data packet drops during rekey (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952).
- wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).
- wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).
- wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).
- wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).
- wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes).
- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes).
- wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath12k: fix the fetching of combined rssi (git-fixes).
- wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: ath12k: fix wrong logging ID used for CE (git-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: cfg80211: Fix interface type validation (stable-fixes).
- wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes).
- wifi: cfg80211: reject HTC bit for management frames (stable-fixes).
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes).
- wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes).
- wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).
- wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: Remove redundant header files (git-fixes).
- wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084).
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).
- wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes).
- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).
- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: iwlwifi: uefi: check DSM item validity (git-fixes).
- wifi: libertas: cap SSID len in lbs_associate() (git-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).
- wifi: mac80211: avoid weird state in error path (stable-fixes).
- wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).
- wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes).
- wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes).
- wifi: mac80211: fix incorrect type for ret (stable-fixes).
- wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).
- wifi: mac80211: increase scan_ies_len for S1G (stable-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).
- wifi: mt76: fix linked list corruption (git-fixes).
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes).
- wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes).
- wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes).
- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).
- wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes).
- wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes).
- wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes).
- wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes).
- wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes).
- wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes).
- wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes).
- wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes).
- wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes).
- wifi: mwifiex: send world regulatory domain to driver (git-fixes).
- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes).
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes).
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).
- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).
- wifi: rtw88: Fix macid assigned to TDLS station (git-fixes).
- wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).
- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes).
- wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes).
- wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes).
- wifi: virt_wifi: Fix page fault on connect (stable-fixes).
- wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes).
- writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776).
- writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776).
- writeback: Avoid excessively long inode switching times (bsc#1237776).
- writeback: Avoid softlockup when switching many inodes (bsc#1237776).
- x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704).
- x86/Kconfig: Add arch attack vector support (git-fixes).
- x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes).
- x86/boot: Sanitize boot params before parsing command line (git-fixes).
- x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes).
- x86/bugs: Add attack vector controls for BHI (git-fixes).
- x86/bugs: Add attack vector controls for GDS (git-fixes).
- x86/bugs: Add attack vector controls for ITS (git-fixes).
- x86/bugs: Add attack vector controls for L1TF (git-fixes).
- x86/bugs: Add attack vector controls for MDS (git-fixes).
- x86/bugs: Add attack vector controls for MMIO (git-fixes).
- x86/bugs: Add attack vector controls for RFDS (git-fixes).
- x86/bugs: Add attack vector controls for SRBDS (git-fixes).
- x86/bugs: Add attack vector controls for SRSO (git-fixes).
- x86/bugs: Add attack vector controls for SSB (git-fixes).
- x86/bugs: Add attack vector controls for TAA (git-fixes).
- x86/bugs: Add attack vector controls for TSA (git-fixes).
- x86/bugs: Add attack vector controls for retbleed (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v1 (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v2 (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes).
- x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes).
- x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes).
- x86/bugs: Avoid warning when overriding return thunk (git-fixes).
- x86/bugs: Clean up SRSO microcode handling (git-fixes).
- x86/bugs: Define attack vectors relevant for each bug (git-fixes).
- x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes).
- x86/bugs: Introduce cdt_possible() (git-fixes).
- x86/bugs: Print enabled attack vectors (git-fixes).
- x86/bugs: Remove its=stuff dependency on retbleed (git-fixes).
- x86/bugs: Select best SRSO mitigation (git-fixes).
- x86/bugs: Simplify the retbleed=stuff checks (git-fixes).
- x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes).
- x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes).
- x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes).
- x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes).
- x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes).
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).
- x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes).
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes).
- x86/fpu: Delay instruction pointer fixup until after warning (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes).
- x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes).
- x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes).
- x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes).
- x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes).
- x86/microcode: Consolidate the loader enablement checking (git-fixes).
- x86/microcode: Update the Intel processor flag scan check (git-fixes).
- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes).
- x86/mm/pat: do not collapse pages without PSE set (git-fixes).
- x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (git-fixes).
- x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (git-fixes).
- x86/pkeys: Simplify PKRU update in signal frame (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/pti: Add attack vector controls for PTI (git-fixes).
- x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes).
- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).
- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).
- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).
- x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes).
- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes).
- xen/netfront: Fix TX response spurious interrupts (git-fixes).
- xen: fix UAF in dmabuf_exp_from_pages() (git-fixes).
- xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO (git-fixes).
- xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes).
- xfs: do not propagate ENODATA disk errors into xattr code (git-fixes).
- xfs: fix scrub trace with null pointer in quotacheck (git-fixes).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_discard_rtrelax (git-fixes).
- xfs: remove unused trace event xfs_log_cil_return (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes).
- xhci: dbc: decouple endpoint allocation from initialization (git-fixes).
- xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes).
- xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes).
- zram: permit only one post-processing operation at a time (git-fixes).
Patchnames
SUSE-SLES-16.0-50
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).